
1599 matches found

Openbugbounty
added 2018/07/15 10:4 p.m., 14 views

blog.seniorennet.nl XSS vulnerability

Open Bug Bounty ID: OBB-648249

Description | Value
---|---
Affected Website: | blog.seniorennet.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

CVE
added 2018/07/15 5:0 p.m., 37 views

CVE-2018-14069

SRCMS V2.3.1 contains a CSRF flaw that allows an attacker to add a user account via admin.php?m=Admin&c=member&a=add. The affected component is the user-management functionality; the root cause is a CSRF vulnerability in the request handling for adding members. Impact statements in the sources in...

8.8 CVSS, 8.6 AI score, 0.00502 EPSS
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/07/05 8:29 p.m., 22 views

CVE-2018-13031

DamiCMS v6.0.0 and 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...

8.8 CVSS, 8.7 AI score, 0.01094 EPSS
Exploits: 1, References: 3

CVE
added 2018/07/05 8:0 p.m., 46 views

CVE-2018-13031

DamiCMS CVE-2018-13031 affects versions 6.0.0 and 6.1.0. The vulnerability is a Cross-Site Request Forgery (CSRF) on the endpoint admin.php?s=/Admin/doadd, allowing an attacker to add an administrator account. The root cause is insufficient CSRF protection on that admin action; the impact is the...

8.8 CVSS, 8.6 AI score, 0.01094 EPSS
Exploits: 1, References: 3, Affected Software: 1

exploitpack
added 2018/07/02 12:0 a.m., 10 views

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

DAMICMS 6.0.0 - Cross-Site Request Forgery Add Admin history.pushState'', '', '/'...

0.2 AI score
Exploits: 0

Prion
added 2018/06/29 2:29 p.m., 18 views

Design/Logic Flaw

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...

4.3 CVSS, 6 AI score, 0.00813 EPSS
Exploits: 3, References: 1

NVD
added 2018/06/29 2:29 p.m., 32 views

CVE-2018-13001

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...

6.1 CVSS, 6.2 AI score, 0.00813 EPSS
Exploits: 3, References: 1

Cvelist
added 2018/06/29 2:0 p.m., 26 views

CVE-2018-13001

An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the admin.php file of the ./cpshop/ module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability...

6.1 AI score, 0.00813 EPSS
Exploits: 3, References: 1

CVE
added 2018/06/29 2:0 p.m., 39 views

CVE-2018-13001

Sandoba CP:Shop v2016.1 contains a cross-site scripting (XSS) vulnerability in the cpshop/admin.php module. The CVE describes a non-persistent XSS that can be triggered via GET parameters (path, search, rename, or dir) and injected into client-side code. Connected sources corroborate the issue ac...

6.1 CVSS, 6 AI score, 0.00813 EPSS
Exploits: 3, References: 1, Affected Software: 1

NVD
added 2018/06/25 8:29 p.m., 29 views

CVE-2018-12603

Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114...

8.8 CVSS, 9 AI score, 0.03626 EPSS
Exploits: 5, References: 4

Cvelist
added 2018/06/14 5:0 p.m., 35 views

CVE-2018-12114

Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts...

8.7 AI score, 0.02975 EPSS
Exploits: 5, References: 3

CVE
added 2018/06/14 5:0 p.m., 65 views

CVE-2018-12114

CVE-2018-12114 affects MacCMS 10. A CSRF vulnerability allows an attacker to add administrator user accounts via the request targeting admin.php/admin/admin/info.html. The issue is demonstrated in public references and exploit entries, including an explicit POST form example used to create a new ...

8.8 CVSS, 8.5 AI score, 0.02975 EPSS
Exploits: 5, References: 3, Affected Software: 1

Prion
added 2018/05/31 8:29 p.m., 12 views

Cross site request forgery (csrf)

An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...

4.3 CVSS, 6.6 AI score, 0.00537 EPSS
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2018/05/13 10:0 p.m., 39 views

CVE-2018-11018

PbootCMS v1.0.7 contains a Cross‑Site Request Forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php that enables remote attackers to add administrator accounts via admin.php/role/add.html. Affected software: PbootCMS 1.0.7. Root cause: CSRF in role management workflow al...

8.8 CVSS, 8.7 AI score, 0.00614 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/04/16 3:29 p.m., 12 views

Code injection

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...

7.5 CVSS, 9.6 AI score, 0.01422 EPSS
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/04/16 3:29 p.m., 16 views

CVE-2018-10133

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...

9.8 CVSS, 9.7 AI score, 0.01422 EPSS
Exploits: 1, References: 1

NVD
added 2018/04/16 3:29 p.m., 16 views

CVE-2018-10132

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...

8.8 CVSS, 9 AI score, 0.00523 EPSS
Exploits: 1, References: 1

CVE
added 2018/04/16 2:0 p.m., 51 views

CVE-2018-10132

CVE-2018-10132 affects PbootCMS v0.9.8. The vulnerability is described as a cross‑site request forgery (CSRF) in admin.php/Message/mod/id/19.html?backurl=/index.php that can cause PHP code injection in the recontent parameter. Connected sources consistently reference the same description. No conc...

8.8 CVSS, 8.9 AI score, 0.00523 EPSS
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2018/03/28 12:0 a.m., 45 views

Sandoba CP:Shop CMS 2016.1 Cross Site Scripting

Document Title:
===============
Sandoba CP:Shop CMS v2016.1 - Multiple Cross Site Scripting Vulnerabilities

References Source:
====================
https://www.vulnerability-lab.com/getcontent.php?id=2122

Release Date:
=============
2018-03-02

Vulnerability Laboratory ID VL-ID:...

0.2 AI score
Exploits: 0

Prion
added 2018/03/06 5:29 p.m., 12 views

Design/Logic Flaw

The management panel in Piwigo 2.9.3 has stored XSS via the virtualname parameter in a /admin.php?page=catlist request, a different issue than CVE-2017-9836. CSRF exploitation, related to CVE-2017-10681, may be possible...

3.5 CVSS, 5.2 AI score, 0.01208 EPSS
Exploits: 2, References: 1, Affected Software: 1