6 matches found
Spitfire CMS 1.0.475 PHP Object Injection
Spitfire CMS 1.0.475 cmsbackupvalues PHP Object Injection Vendor: Claus Muus Product web page: http://spitfire.clausmuus.de Affected version: 1.0.475 Summary: Spitfire is a system to manage the content of webpages. Desc: The application is prone to a PHP Object Injection vulnerability due to the...
Spitfire CMS 1.0.475 PHP Object Injection Vulnerability
Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input...
Spitfire CMS 1.0.475 (cms_backup_values) PHP Object Injection
Summary Spitfire is a system to manage the content of webpages. Description The application is prone to a PHP Object Injection vulnerability due to the unsafe use of unserialize function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests t...
Spitfire 1.0.336 Cross Site Scripting
============================================================ Vulnerability ID: HTB22482 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinspitfire.html Product: Spitfire Vendor: Claus Muus http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.336 and Probably Prior Versions Vendor...
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/41885/info Claus Muus Spitfire is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...
Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/41885/info Claus Muus Spitfire is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...