1593 matches found
CVE-2017-9548
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...
Design/Logic Flaw
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name...
CVE-2017-9547
admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...
CVE-2017-9546
CVE-2017-9546 concerns BigTree CMS prior to 4.2.19 (BigTree 4.2.18 and earlier). The vulnerability exists in admin.php and allows remote authenticated users to trigger a denial of service by supplying crafted XSS sequences in a revision name, causing an inability to save revisions. Connected sour...
CVE-2017-9546
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name...
CVE-2017-9548
Summary: CVE-2017-9548 affects BigTree CMS up to version 4.2.18 (BigTree). The vulnerability is a cross-site scripting (XSS) flaw in admin.php that allows remote authenticated users to inject arbitrary script or HTML by using the Home Template Edit Page action and setting the Navigation Title for...
CVE-2017-9452
CVE-2017-9452 describes a cross-site scripting (XSS) vulnerability in the Piwigo web photo gallery. The issue is in the admin.php handler where the parameter page can be manipulated to inject arbitrary script or HTML. Affected software: Piwigo 2.9.0 and earlier. Impact: remote attackers could exe...
FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-10156)
FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the sitename parameter in the admin.php script of FineCMS 2017-05-28 and earlier versions. An attacker can exploit this vulnerability to inject...
Cross site scripting
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...
CVE-2017-9251
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...
CVE-2017-9251
FineCMS prior to 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter of admin.php. The vulnerability is confirmed across multiple sources; the root cause is unsanitized input reflected in the sitename field. Impact is XSS (arbitrary script/HTML execution) in affected pages. Expl...
Piwigo cross-site scripting vulnerability (CNVD-2017-08783)
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A cross-site scripting vulnerability exists in the admin.php file in Piwigo 2.9.0 and earlier versions. A remote attacker...
WordPress Plugin Single Personal Message SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on a PHP and MySQL server. A SQL injection vulnerability exists in the message parameter of the admin.php page of the WordPress plugin Sing...
groentenonline.nl XSS vulnerability
Vulnerable URL: http://www.groentenonline.nl/admin.php?error=%22%22/%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 02.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...
CVE-2003-0589
CVE-2003-0589 affects Digi-ads 1.1 where admin.php allows remote authentication bypass by sending a cookie with the username set to the administrator’s name. The root cause is an improper condition in admin.php that does not require a correct password, enabling an attacker to gain admin access vi...
CVE-2003-0589
admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password...
Simple Blog PHP 2.0 - SQL Injection
Simple Blog PHP 2.0 - SQL Injection ===================================================== Simple Blog PHP 2.0 - SQL Injection ===================================================== Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link : http://simpleblogphp.com/blog/admin.php...
Simple Blog PHP 2.0 - SQL Injection
===================================================== Simple Blog PHP 2.0 - SQL Injection ===================================================== Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link : http://simpleblogphp.com/blog/admin.php Version : 2.0 Platform : WebApp - PHP...