36 matches found
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...
CVE-2018-14388
joyplus-cms 1.6.0 has XSS via the manager/adminajax.php cansearchdevice array parameter...
CVE-2018-14389
joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...
SQL injection
joyplus-cms 1.6.0 has SQL Injection via the manager/adminajax.php val parameter...
CVE-2018-14388
Joyplus-cms 1.6.0 is vulnerable to cross-site scripting (XSS) via the can_search_device parameter sent to manager/admin_ajax.php. The root cause is unsanitized user input in that parameter, allowing arbitrary script execution in a user’s browser. Multiple sources (NVD, Red Hat, CNVD, CNVD, PRION,...
CVE-2018-10096
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
Cross-site request forgery (CSRF)
joyplus-cms 1.6.0 has XSS via the devicename parameter in a manager/adminajax.php?action=save flag=add request...
CVE-2018-10096
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability exploitable through the device_name parameter in manager/admin_ajax.php?action=save flag=add. The root cause is likely inadequate input sanitization of device_name, allowing injected scripts to be reflected in the applica...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability in manager/admin_ajax.php?action=save&tab={pre}vod_type, exploitable via the t_name parameter. Root cause: insufficient input sanitization that allows injected script/HTML. Impact: can inject arbitrary scripts into the vi...
CVE-2018-8717
CVE-2018-8717 affects joyplus-cms 1.6.0 and is a cross-site request forgery (CSRF) vulnerability. The issue is demonstrated by a CSRF request to manager/admin_ajax.php?action=save&tab={pre}manager that can result in adding an administrator account. The connected sources confirm the vulnerability ...
SQL Injection Vulnerability in Ocean CMS v_name Parameter
Ocean CMS is an open source website builder. A SQL injection vulnerability exists in the adminajax.php page of Ocean CMS 6.46 utf-8 official version. The lack of filtering of the 'vname' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information...
WordPress WPLMS 1.8.4.1 Privilege Escalation Vulnerability
WordPress WPLMS theme version 1.8.4.1 suffers from a privilege escalation vulnerability. WordPress WPLMS Theme Privilege Escalation - Autho...