1599 matches found
CVE-2018-18191
CVE-2018-18191 describes a Cross‑Site Request Forgery (CSRF) vulnerability in Dayrui FineCms 5.4, specifically in /admin.php?c=member&m=edit&uid=1, which allows remote attackers to change the administrator’s password. The connected documents confirm the affected product/version and the vulnerable...
CVE-2018-18082
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
Cross site scripting
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI...
CVE-2018-18069
processforms in the WPML aka sitepress-multilingual-cms plugin through 3.6.3 for WordPress has XSS via any localefilename parameter such as localefilenameen in an authenticated theme-localization.php request to wp-admin/admin.php...
CVE-2018-17826
HisiPHP 1.0.8 is vulnerable to CSRF via admin.php/admin/user/adduser.html, enabling an attacker to create an administrator account. This account can then leverage app/common/model/AdminAnnex.php to add .php to the allowed file-upload types list (.jpg, .png, .gif, .jpeg, .ico), facilitating arbitr...
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
CVE-2018-16729
Pluck CMS 4.7.7 is vulnerable to cross-site scripting via an SVG file containing Javascript in a SCRIPT element, uploaded through pages->manage under admin.php?action=files. The flaw is caused by how SVGs are handled, enabling XSS. Exploitation details are not provided in the documents; no pat...
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
bloggen.be XSS vulnerability
Open Bug Bounty ID: OBB-674630 Description| Value ---|--- Affected Website:| bloggen.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Cross site request forgery (csrf)
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-16732
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftpsave...
CVE-2018-16449
CVE-2018-16449 affects OneThink 1.1.141212, enabling cross-site request forgery (CSRF) to perform admin actions: adding a page (admin.php?s=/Channel/add.html), adding a blog (admin.php?s=/Article/update.html), and changing audit state (admin.php?s=/Article/setStatus/status/1.html). The connected ...
CVE-2018-16337
An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save...
CVE-2018-16338
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
Cross site request forgery (csrf)
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password...
CVE-2018-16331
The CVE-2018-16331 entry concerns DamiCMS v6.0.0 where the admin.php?s=/Admin/doedit endpoint is vulnerable to CSRF, enabling an attacker to change the administrator password. The related connected records confirm: (1) affected software and version (DamiCMS 6.0.0), (2) the vulnerability type (CSR...
Design/Logic Flaw
In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add...