
13 matches found

RedhatCVE
added 2025/05/22 3:20 p.m., 1 view

CVE-2020-23719

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter...

9.6 CVSS, 6.4 AI score, 0.00734 EPSS
Exploits: 1
NVD
added 2023/10/18 10:15 p.m., 10 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

6.1 CVSS, 6 AI score, 0.0009 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2023/10/18 12:0 a.m., 7 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

6.4 AI score, 0.0009 EPSS
Exploits: 0, References: 2
CNVD
added 2021/11/03 12:0 a.m., 17 views

zibbs cross-site scripting vulnerability

zibbs is a PHP light forum system developed on Bootstrap. zibbs version 1.0 has a cross-site scripting vulnerability in application/controllers/AdminController.php. An attacker can exploit this vulnerability to execute arbitrary code via the bbsmeta parameter...

9.6 CVSS, 4.3 AI score, 0.00734 EPSS
Exploits: 1, References: 1
OSV
added 2021/11/02 6:15 p.m., 2 views

CVE-2020-23719

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 1
Prion
added 2021/11/02 6:15 p.m., 15 views

Cross site scripting

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter...

6.8 CVSS, 8.4 AI score, 0.00734 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/11/02 5:45 p.m., 9 views

CVE-2020-23719

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter...

8.7 AI score, 0.00734 EPSS
Exploits: 1, References: 1
CVE
added 2021/11/02 5:45 p.m., 29 views

CVE-2020-23719

CVE-2020-23719 affects xujinliang zibbs 1.0, with an XSS vulnerability in application/controllers/AdminController.php. The bbsmeta parameter can be manipulated to execute arbitrary code. CVSS data included in the record indicate a high/severe impact: CVSS v3.1 base score 9.6 (CRITICAL), NETWORK a...

9.6 CVSS, 8.6 AI score, 0.00734 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/11/29 9:29 p.m., 10 views

CVE-2018-19748

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a...

7.5 CVSS, 7.6 AI score, 0.01032 EPSS
Exploits: 1, References: 2
Cvelist
added 2018/11/29 9:0 p.m., 13 views

CVE-2018-19748

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a...

7.6 AI score, 0.01032 EPSS
Exploits: 1, References: 2
Prion
added 2018/05/12 4:29 a.m., 17 views

Cross site request forgery (csrf)

An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel...

4.3 CVSS, 6.6 AI score, 0.00114 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/05/12 4:29 a.m., 10 views

CVE-2018-11004

An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

8.8 CVSS, 8.8 AI score, 0.00204 EPSS
Exploits: 1, References: 1
OSV
added 2018/05/12 4:29 a.m., 2 views

CVE-2018-11004

An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add...

8.8 CVSS, 5.8 AI score, 0.00204 EPSS
Exploits: 1, References: 1