
1599 matches found

Cvelist
added 2017/07/27 6:0 a.m.
23 views

CVE-2017-11679

Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action...

8.9 AI score, 0.00683 EPSS
Exploits: 1, References: 2
CVE
added 2017/07/27 6:0 a.m.
46 views

CVE-2017-11678

Hashtopus has a reported SQL injection vulnerability (CVE-2017-11678) affecting version 1.5g. The issue allows an attacker who is authenticated remotely to execute arbitrary SQL commands via the format parameter in admin.php, potentially impacting data confidentiality, integrity, and availability...

8.8 CVSS, 8.8 AI score, 0.0168 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2017/07/27 6:0 a.m.
46 views

CVE-2017-11679

CVE-2017-11679 describes a CSRF in Hashtopus 1.5g where an attacker can trigger actions via the password parameter to admin.php in an a=config action. The connected records confirm the vulnerability exists in Hashtopus 1.5g and identify the vulnerable parameter and endpoint, but they do not provi...

8.8 CVSS, 8.8 AI score, 0.00683 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2017/07/27 6:0 a.m.
49 views

CVE-2017-11677

Hashtopus 1.5g is affected by a Cross-Site Scripting (XSS) vulnerability that can be triggered by a crafted query string sent to admin.php, enabling the injection of arbitrary web script or HTML. The root cause is an input handling flaw in the web interface that processes the query string without...

6.1 CVSS, 6 AI score, 0.00943 EPSS
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2017/06/12 1:29 p.m.
11 views

Sql injection

SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...

6.5 CVSS, 8.6 AI score, 0.0239 EPSS
Exploits: 4, References: 2, Affected Software: 1
Cvelist
added 2017/06/12 1:0 p.m.
36 views

CVE-2017-9418

SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php...

9.1 AI score, 0.0239 EPSS
Exploits: 4, References: 2
Prion
added 2017/06/12 6:29 a.m.
15 views

Design/Logic Flaw

admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name...

3.5 CVSS, 6 AI score, 0.01127 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2017/06/12 6:29 a.m.
17 views

CVE-2017-9548

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...

5.4 CVSS, 5.2 AI score, 0.00784 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/06/12 6:0 a.m.
19 views

CVE-2017-9547

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page that is scheduled for future publication aka ...

5.9 AI score, 0.00784 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/06/12 6:0 a.m.
20 views

CVE-2017-9546

admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name...

6.1 AI score, 0.01127 EPSS
Exploits: 0, References: 1
CVE
added 2017/06/12 6:0 a.m.
41 views

CVE-2017-9546

CVE-2017-9546 concerns BigTree CMS prior to 4.2.19 (BigTree 4.2.18 and earlier). The vulnerability exists in admin.php and allows remote authenticated users to trigger a denial of service by supplying crafted XSS sequences in a revision name, causing an inability to save revisions. Connected sour...

5.7 CVSS, 5.4 AI score, 0.01127 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2017/06/12 6:0 a.m.
54 views

CVE-2017-9548

Summary: CVE-2017-9548 affects BigTree CMS up to version 4.2.18 (BigTree). The vulnerability is a cross-site scripting (XSS) flaw in admin.php that allows remote authenticated users to inject arbitrary script or HTML by using the Home Template Edit Page action and setting the Navigation Title for...

5.4 CVSS, 5.3 AI score, 0.00784 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2017/06/12 6:0 a.m.
23 views

CVE-2017-9548

admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...

5.9 AI score, 0.00784 EPSS
Exploits: 0, References: 1
CVE
added 2017/06/06 4:0 p.m.
45 views

CVE-2017-9452

CVE-2017-9452 describes a cross-site scripting (XSS) vulnerability in the Piwigo web photo gallery. The issue is in the admin.php handler where the parameter page can be manipulated to inject arbitrary script or HTML. Affected software: Piwigo 2.9.0 and earlier. Impact: remote attackers could exe...

4.8 CVSS, 5 AI score, 0.0082 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD
added 2017/06/01 12:0 a.m.
2 views

FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-10156)

FineCMS is a content management system (CMS) developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the sitename parameter in the admin.php script of FineCMS 2017-05-28 and earlier versions. An attacker can exploit this vulnerability to inject...

6.1 CVSS, 6 AI score, 0.00632 EPSS
Exploits: 0, References: 1
Prion
added 2017/05/28 8:29 p.m.
14 views

Cross site scripting

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...

4.3 CVSS, 6.1 AI score, 0.00632 EPSS
Exploits: 0, References: 1
NVD
added 2017/05/28 8:29 p.m.
19 views

CVE-2017-9251

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...

6.1 CVSS, 6 AI score, 0.00632 EPSS
Exploits: 0, References: 1
Cvelist
added 2017/05/28 8:0 p.m.
23 views

CVE-2017-9251

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...

6 AI score, 0.00632 EPSS
Exploits: 0, References: 1
CVE
added 2017/05/28 8:0 p.m.
45 views

CVE-2017-9251

FineCMS prior to 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter of admin.php. The vulnerability is confirmed across multiple sources; the root cause is unsanitized input reflected in the sitename field. Impact is XSS (arbitrary script/HTML execution) in affected pages. Expl...

6.1 CVSS, 5.9 AI score, 0.00632 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2017/05/26 12:0 a.m.
3 views

Piwigo cross-site scripting vulnerability (CNVD-2017-08783)

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A cross-site scripting vulnerability exists in the admin.php file in Piwigo 2.9.0 and earlier versions. A remote attacker...

4.8 CVSS, 5.9 AI score, 0.0082 EPSS
Exploits: 1, References: 1