16 matches found
CVE-2019-25454
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
CVE-2019-25454
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
CVE-2019-25454
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
CVE-2019-25454 phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
CVE-2019-25454
CVE-2019-25454 affects phpMoAdmin 1.1.5. The vulnerability is a stored cross-site scripting (XSS) in the collection parameter of moadmin.php, allowing unauthenticated attackers to inject and store script payloads that execute in users’ browsers when the affected page is viewed. The root cause is ...
CVE-2019-25454 phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
phpMoAdmin 跨站脚本漏洞
phpMoAdmin is a MongoDB database management tool developed by Valentin Hilbig. Version 1.1.5 of phpMoAdmin contains a cross-site scripting vulnerability, which stems from improper cleaning of collection parameters. This vulnerability may lead to storage-based cross-site scripting attacks...
PT-2026-21322
phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection...
CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53938 RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53938 RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...
CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability exploitable via multiple unencoded input parameters (database, collection, login). The root cause is input parameters not being encoded before rendering, enabling attackers to inject arbitrary JavaScript into a victim’s browser....
PT-2024-36064 · Unknown · Clipbucket-V5
Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 5.5.1 Revision 199 and below Description: The issue exists in the upload/upload.php file where user-supplied input via the collection get parameter is directly provided to the unserialize function, allowing an adversary...
PT-2024-36063
Name of the Vulnerable Software and Affected Versions: ClipBucket-v5 versions 2.0 through 5.5.1 Revision 199 Description: ClipBucket V5 provides open source video hosting with PHP. The issue exists in the upload/photo upload.php file, specifically within the decode key function. This function...