Lucene search

1599 matches found

Prion
added 2014/03/25 4:55 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...

CVSS 2.6, AI score 6, EPSS 0.01894
Exploits: 3, References: 5, Affected Software: 1
UbuntuCve
added 2014/03/25 4:55 p.m., 53 views

CVE-2013-5951

Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copymove.php, (4) functions.php, (5) header.php, or (6)...

CVSS 2.6, AI score 5.9, EPSS 0.01894
Exploits: 3, References: 2
NVD
added 2014/03/24 4:43 p.m., 20 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

CVSS 4.3, AI score 5.6, EPSS 0.0391
Exploits: 3, References: 8
Prion
added 2014/03/24 4:43 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

CVSS 4.3, AI score 6, EPSS 0.0391
Exploits: 4, References: 8, Affected Software: 2
ATTACKERKB
added 2014/03/24 4:43 p.m., 3 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

CVSS 4.3, AI score 5.6, EPSS 0.0391
Exploits: 4, References: 9
Cvelist
added 2014/03/24 2:00 p.m., 28 views

CVE-2012-6430

Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...

AI score 5.6, EPSS 0.0391
Exploits: 3, References: 8
CVE
added 2014/03/24 2:00 p.m., 55 views

CVE-2012-6430

The CVE-2012-6430 entry describes a Cross-Site Scripting (XSS) vulnerability in OpenSolution Quick.Cms 5.0 and Quick.Cart 6.0 (and possibly earlier) where unsafely processed data in PATH_INFO to admin.php allows remote attackers to execute arbitrary scripts. The issue originates from insufficient...

CVSS 4.3, AI score 5.7, EPSS 0.0391
Exploits: 3, References: 8, Affected Software: 2
OpenVAS
added 2014/03/19 12:00 a.m., 23 views

Debian: Security Advisory (DSA-2882-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 2.6, AI score 6.6, EPSS 0.01894
Exploits: 3, References: 3
Prion
added 2014/03/13 2:55 p.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php...

CVSS 3.5, AI score 5.6, EPSS 0.02952
Exploits: 5, References: 7, Affected Software: 1
CVE
added 2014/03/13 2:00 p.m., 59 views

CVE-2013-3728

CVE-2013-3728 affects Kasseler CMS prior to 2 r1232. The connected sources document three vulnerabilities in Kasseler CMS: stored XSS via the cat parameter in admin.php (admin_new_category action), general XSS, and CSRF allowing SQL execution. Specifically, remote authenticated users with categor...

CVSS 3.5, AI score 5.2, EPSS 0.02952
Exploits: 5, References: 7, Affected Software: 1
0day.today
added 2014/03/02 12:00 a.m., 41 views

OpenSupports Remote Shell Upload Vulnerability

Sites powered by OpenSupports suffer from a remote shell upload vulnerability. Exploit Title: Open Support Arbitrary Remote File Upload Vulnerabilities Google Dork: allintext: "Power by OpenSupports © 2009 - 2014. All Rights reserved" Date: 02,March 02,2014 Exploit Author: Slotleet Vendor Homepag...

AI score 7.2
Exploits: 0
Packet Storm
added 2014/02/06 12:00 a.m., 26 views

Singapore 0.9.9b / 0.9.10 Cross Site Scripting

Author: TUNISIAN CYBER + Exploit Title: singapore v0.9.9b/0.9.10 admin.php POST Cross Site Scripting Vulnerability + Date: 05-02-2014 + Category: WebApp + Google Dork: : + Tested on: KaliLinux + Vendor: http://sourceforge.net/projects/singapore/ + Friendly Sites: na3il.com,th3-creative.com...

AI score 7.4
Exploits: 0
Prion
added 2014/01/16 9:55 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php...

CVSS 4.3, AI score 6.3, EPSS 0.01976
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2014/01/16 9:00 p.m., 60 views

CVE-2012-6625

CVE-2012-6625 affects the ForumPress WP Forum Server plugin for WordPress, specifically the fs-admin/fs-admin.php component. The vulnerability is a SQL injection via the groupid parameter in an editgroup action, exploitable remotely and leading to arbitrary SQL execution. It applies to plugin ver...

CVSS 7.5, AI score 8.8, EPSS 0.04762
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2013/11/15 8:00 p.m., 38 views

CVE-2013-6797

CVE-2013-6797 is a CSRF vulnerability in the WordPress plugin Blue Wrench Video Widget (bluewrench-video-widget.php) prior to version 2.0.0. The issue allows remote attackers to hijack an administrator’s session by crafting requests that embed arbitrary URLs via the bw_url parameter on the bw-vi...

CVSS 6.8, AI score 7.4, EPSS 0.02884
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2013/11/01 3:55 p.m., 33 views

CVE-2013-5977

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...

CVSS 6.8, AI score 6.4, EPSS 0.03154
Exploits: 6, References: 10
Prion
added 2013/11/01 3:55 p.m., 27 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2)...

CVSS 6.8, AI score 6.3, EPSS 0.03154
Exploits: 6, References: 10, Affected Software: 1
myhack58
added 2013/10/04 12:00 a.m., 38 views

destoon b2b system all version SQL injection vulnerability analyses reference exp-vulnerability warning-the black bar safety net

In include/global.func.php, the stripsql function filters the incoming value, but we can bypass this limit to achieve injection in all versions: function stripsql$string $search =...

AI score 1.1
Exploits: 0
myhack58
added 2013/10/01 12:00 a.m., 15 views

destoon full version SQL injection vulnerability-vulnerability warning-the black bar safety net

In include/global.func.php, the stripsql function filters the incoming value, but we can bypass this limit to achieve injection in all versions: function stripsql$string $search =...

AI score 0.1
Exploits: 0
NVD
added 2013/09/26 3:55 p.m., 17 views

CVE-2013-4626

Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php...

CVSS 4.3, AI score 5.7, EPSS 0.02058
Exploits: 3, References: 5