178 matches found
CVE-2018-2446
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure...
Information disclosure
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure...
Grav CMS system/src/Grav/Common/Twig/Twig.php file cross-site scripting vulnerability
Grav CMS is a scalable CMS (Content Management System) for personal blogs, small content publishing platforms and one-page product presentations. A cross-site scripting vulnerability exists in the system/src/Grav/Common/Twig/Twig.php file in Grav CMS version 1.3.0. A remote attacker can inject...
Cross site scripting
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools...
CVE-2018-5233
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools...
CVE-2018-5233
Grav CMS
CVE-2017-16514
Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in t...
CVE-2017-1000213
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=usersearch...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php), part of admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php), part of admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
CVE-2017-7241
CVE-2017-7241 is an XSS vulnerability in MantisBT, triggered via the move_attachments_page.php in the admin tools. The issue allows injection of arbitrary code through a crafted 'type' parameter, contingent on CSP settings. It is mitigated by upgrading mantisbt/mantisbt to 1.3.9, 2.1.3, or 2.2.3 ...
Kaltura server cross-site scripting vulnerability
Kaltura is an open source online video platform. Kaltura server is one of its servers. A cross-site scripting vulnerability exists in the Kaltura server Lynx-12.11.0 version, which stems from the program failing to adequately filter user submissions to 'adminconsole/web/tools/SimpleJWPlayer.php',...
ipa security update
CentOS Errata and Security Advisory CESA-2016:1797. An update for ipa is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
CVE-2014-9243
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) sectionid parameter to editmodulefiles.php, (3) news/addpost.php, (4) news/modifygroup.php, (5)...
web_admin_tools /yb/yb.php code execution vulnerability
No description provided by source...