CVE-2024-48708
Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) the file tasklist.php under action=add/edit and (b) the file admin.php under action=adduser/edituser...
CVE-2024-46240
CVE-2024-46240 affects Collabtive 3.1. The vulnerability is a Cross-site Scripting (XSS) flaw in admin.php, exploitable via the name parameter under action=system and the company/contact parameters under action=addcust. Root cause: XSS in these input points. The connected sources confirm Collabti...
CVE-2024-48707
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within the managemilestone.php file and (b) action=addpro within the admin.php file...
CVE-2024-48707
CVE-2024-48707 affects Collabtive 3.1. The vulnerability is an XSS in the web UI triggered by the name parameter in two endpoints: (a) managemilestone.php when action=add or action=edit, and (b) admin.php when action=addpro. The underlying cause is unsanitized/unvalidated input in these parameter...
CVE-2024-46240
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within the admin.php file...
CVE-2024-9083
SourceCodester Employee Management System 1.0 is affected. The vulnerability lies in /Admin/add-admin.php where improper handling of the txtfullname parameter enables cross-site scripting. It can be triggered remotely and the exploit has been disclosed publicly. There are no patch/version details...
CVE-2024-9083 SourceCodester Employee Management System add-admin.php cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The...
CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection
A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...
Microweber Cross Site Scripting (XSS) vulnerability
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
GHSA-H4XF-WX99-JMV4 Microweber Cross Site Scripting (XSS) vulnerability
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2024-41381
CVE-2024-41381 affects microweber 2.0.16. The vulnerability is a Cross-Site Scripting (XSS) in the file userfiles/modules/settings/admin.php, arising from insufficient input filtering/escaping. Evidence across multiple sources (NVD/Red Hat/CNVD/Veracode/GHSA/OSV) describes an XSS risk targeting a...
SimpCMS Cross-Site Scripting Vulnerability
SimpCMS is an easy-to-use CMS based on PureEdit. A cross-site scripting vulnerability exists in SimpCMS version 0.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML via a...
CVE-2024-39248
A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...
CVE-2024-39248
SimpCMS v0.1 is affected by an XSS in the Title field at /admin.php. Root cause cited across sources is lack of proper filtering/escaping of user input, enabling arbitrary web script or HTML execution. Impacted functionality is the admin input for the Title, with the potential for full script exe...
CVE-2024-6215
The CVE-2024-6215 entry concerns SourceCodester Food Ordering Management System (up to 1.0). A vulnerability affects the view-ticket-admin.php file where manipulating the id parameter leads to SQL injection. The issue is described as remote-exploitable with a publicly disclosed exploit. Multiple ...
CVE-2024-6215 SourceCodester Food Ordering Management System view-ticket-admin.php sql injection
A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...