1593 matches found
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
CVE-2018-16729
Pluck CMS 4.7.7 is vulnerable to cross-site scripting via an SVG file containing JavaScript in a SCRIPT element, uploaded through pages->manage under admin.php?action=files. The flaw is caused by how SVGs are handled, enabling XSS. Exploitation details are not provided in the documents; no pat...
bloggen.be XSS vulnerability
Open Bug Bounty ID: OBB-674630

| Description | Value |
|---|---|
| Affected Website: | bloggen.be |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Cross site request forgery (csrf)
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-16449
CVE-2018-16449 affects OneThink 1.1.141212, enabling cross-site request forgery (CSRF) to perform admin actions: adding a page (admin.php?s=/Channel/add.html), adding a blog (admin.php?s=/Article/update.html), and changing audit state (admin.php?s=/Article/setStatus/status/1.html). The connected ...
CVE-2018-16338
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...
CVE-2018-16337
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save...
Cross site request forgery (csrf)
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
The CVE-2018-16331 entry concerns DamiCMS v6.0.0 where the admin.php?s=/Admin/doedit endpoint is vulnerable to CSRF, enabling an attacker to change the administrator password. The related connected records confirm: (1) affected software and version (DamiCMS 6.0.0), (2) the vulnerability type (CSR...
Design/Logic Flaw
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add...
CVE-2018-16315
CVE-2018-16315 affects waimai Super Cms 20150505 with a CSRF weakness that allows an attacker to alter configuration through admin.php?m=Config&a=add. The CNVD/CVE records describe remote exploitation that enables configuration changes via crafted requests; NVD notes CSRF vector affecting configu...
CVE-2018-16237
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
CVE-2018-16238
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...
Directory traversal
An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI...
Design/Logic Flaw
An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...