PT-2023-28789 · Evolution · Evolution

Name of the Vulnerable Software and Affected Versions: evolution version 3.2.3 Description: A cross-site scripting XSS issue allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword, and cmspasswordconfim parameters. This enabl...

Evolution CMS Cross-Site Scripting Vulnerability

Evolution CMS is an open source PHP-based content management system CMS. A security vulnerability exists in Evolution CMS version v.3.2.3, which stems from a cross-site scripting XSS vulnerability in several parameters such as cmsadmin, cmsadminmail, and others...

CVE-2023-43340

Cross-site scripting XSS vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters...

UsualToolCMS Arbitrary File Deletion Vulnerability

UsualToolCMS UTCMS is an enterprise web content management system CMS based on PHP and MySQL. An arbitrary file deletion vulnerability exists in the cmsadmin\asqlback.php file in UTCMS version 8.0, which can be exploited by remote attackers to delete arbitrary files with the help of the 'backname...