CVE-2021-47967

PHP Timeclock 1.04 contains multiple cross-site scripting vulnerabilities that allow unauthenticated attackers to inject arbitrary JavaScript by manipulating URL paths and POST parameters. Attackers can append malicious payloads to login.php, timeclock.php, audit.php, and timerpt.php endpoints, o...

PHP Timeclock 1.04 - (Multiple) Cross Site Scripting Vulnerability

Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting XSS Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Tested on: PHP 4.4.9/5.3.3...

ShopBuilder module\adv\admin\adv. php, etc. 5 SQL injection

ShopBuilder description ShopBuilder is designed for large and medium-sized enterprises to develop the professional-level e-Commerce Mall system, powerful, safe and convenient, can carry tens of millions of views, make the enterprise low-cost to quickly build an online Mall, turn on the e-Commerce...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in iTop aka IT Operations Portal 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted company name, 2 a crafted database server name, 3 a crafted CSV file, 4 a crafted copy-and-paste action, 5 the...