138 matches found
e107_admin/comment.php file cross-site scripting vulnerability
e107 is a free, open source content management system (CMS) based on PHP and MySQL, from the e107 team. A cross-site scripting vulnerability exists in the e107_admin/comment.php file in e107 v2.1.9. The vulnerability stems from the web application lacking proper validation of client-side data. An...
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php...
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php...
Design/Logic Flaw
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php...
CVE-2018-17423
CVE-2018-17423 affects e107 v2.1.9 with a cross-site scripting (XSS) vulnerability in e107_admin/comment.php due to improper validation of client-side data. Documents from NVD, Red Hat, CNVD, OSV, OpenVAS and others corroborate the XSS flaw; exploitation details or fixes are not provided in the a...
CVE-2018-17423
An issue was discovered in e107 v2.1.9. There is a XSS attack on e107_admin/comment.php...
CVE-2019-9787
WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS...
yiqicms Cross-Site Scripting Vulnerability
yiqicms is a content management system (CMS) for marketing enterprise websites. A cross-site scripting vulnerability exists in the comment.php file in yiqicms 2016-11-20 and earlier versions, which stems from the program only applying a length restriction to $msgtitle, which can be exploited by a...
CVE-2018-17077
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed...
Cross site scripting
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed...
CVE-2018-17077
An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed...
CVE-2018-17077
CVE-2018-17077 affects yiqicms (pre-2016-11-20) with a stored cross-site scripting (XSS) vulnerability in the file comment.php caused by a bypassable length restriction on the message title. The CNVD/NVD records describe that an attacker can inject arbitrary script or HTML, leveraging the bypasse...
CVE-2015-7324
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment...
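APPCMS comment.php file SQL injection
AppCMS official site: http://www.appcms.cc/ Audited version: 2.0.101 Download link: http://www.appcms.cc/download/appcms2.0.101.zip AppCMS comment.php SQL Injection 0x00 Preface At first I saw on cnvd() that someone had submitted this vulnerability without details; I downloaded the source from the official site and audited it locally, but could not find the issue. Then, by chance, I saw an article shared by @Thinking and learned that the "HTTPCLIENTIP" value obtained on the server side is the value of the "CLIENT-IP" field in the HTTP header, which can be forged! Seeing that, it all suddenly made sense. 0x01 Analysis...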
iWebShop open source mall system comment.php check parameter has SQL injection vulnerability
iWebShop is an open source web e-commerce B2B2C site-building system (self-operated store plus resident merchants), developed in PHP with a MySQL database and designed with an MVC architecture along the lines of the Yii framework. iWebShop open source mall syste...
Header Injection
anchorcms/anchor-cms is vulnerable to header injection attacks. Using CRLF, attackers can inject headers into anchors/models/comment.php...
Serendipity Open Redirect Vulnerability
Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An open redirection vulnerability exists in comment.php in Serendipity in versions 2.0.5 and earlier, which allows remote attackers to redirect...
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...
CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments...
CVE-2017-5474
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header...