
18 matches found

NVD
added 2026/01/30 11:16 p.m. · 2 views

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

CVSS 7.1 · EPSS 0.00016
Exploits: 1 · References: 4
Cvelist
added 2026/01/30 10:7 p.m. · 18 views

CVE-2020-37053 Navigate CMS 2.8.7 - 'sidx' SQL Injection

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

CVSS 7.1 · EPSS 0.00016
Exploits: 1 · References: 4
ATTACKERKB
added 2026/01/30 10:7 p.m. · 2 views

CVE-2020-37053

Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques,...

CVSS 7.1 · AI score 5.9 · EPSS 0.00016
Exploits: 1 · References: 4 · Affected Software: 1
CNNVD
added 2026/01/29 12:0 a.m. · 1 views

RLE NOVA PlanManager Cross-Site Script Vulnerability

RLE NOVA PlanManager is a planning and scheduling management software developed by the Spanish company RLE NOVA. RLE NOVA PlanManager has a cross-site scripting vulnerability, which stems from improper cleaning of the comment and brand parameters in the index.php file. This vulnerability may lead...

CVSS 6.9 · AI score 5.6 · EPSS 0.00052
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2020-18402

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00316
Exploits: 1 · References: 3
Positive Technologies
added 2025/07/16 12:0 a.m. · 1 views

PT-2025-29838 · Emlog · Emlog

Name of the Vulnerable Software and Affected Versions: Emlog versions through 2.5.17 Description: Emlog is a website building system. A cross-site scripting XSS issue exists in versions up to and including 2.5.17, allowing remote attackers to inject arbitrary web script or HTML via the comment an...

CVSS 6.1 · AI score 5 · EPSS 0.00168
Exploits: 1 · References: 7
Vulnrichment
added 2024/05/28 12:22 p.m. · 13 views

CVE-2024-5415 Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro

A vulnerability has been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerability could allow an attacker to create a specially crafted URL and send it to a victim to...

CVSS 7.1 · AI score 6.6 · EPSS 0.00241
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-36073

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/backup.php" API endpoint, using the comments and db parameters. This could allow an attacker ...

CVSS 7.1 · AI score 6.1 · EPSS 0.00241
Exploits: 0 · References: 6
CNNVD
added 2024/05/28 12:0 a.m. · 1 views

PhpMyBackupPro Cross-Site Scripting Vulnerability

PhpMyBackupPro is a very easy to use, free web-based MySQL backup application from the Chris Younger project. A cross-site scripting vulnerability exists in PhpMyBackupPro version 2.3, which stems from a cross-site scripting vulnerability in the comments, db parameter in /phpmybackuppro/backup.ph...

CVSS 7.1 · AI score 6 · EPSS 0.00241
Exploits: 0 · References: 2
Veracode
added 2023/07/18 1:51 p.m. · 18 views

Cross-Site Scripting (XSS)

webmention.js is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability is due to improper sanitization of the comments parameter in the formatComments function, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...

CVSS 6.1 · AI score 6 · EPSS 0.00088
Exploits: 1 · References: 4 · Affected Software: 1
Snyk
added 2022/05/24 7:2 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter in membership request administration pages. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...

CVSS 6.1 · AI score 5.3 · EPSS 0.00474
Exploits: 0 · References: 2
CNNVD
added 2021/08/19 12:0 a.m. · 2 views

Textpattern CMS Cross-Site Scripting Vulnerability

Textpattern CMS is a PHP-based content management system from the Textpattern team. A security vulnerability in the Comments parameter in Textpattern CMS versions prior to 4.8.4 allows an attacker to execute arbitrary code via a specially crafted load entered in the URL field...

CVSS 5.4 · AI score 6.3 · EPSS 0.00343
Exploits: 1 · References: 2
OSV
added 2021/05/17 11:15 a.m. · 11 views

CVE-2021-29044

Cross-site scripting XSS vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary w...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2019/03/07 11:29 p.m. · 1 views

UBUNTU-CVE-2018-16808

An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note...

CVSS 6.1 · AI score 7.3 · EPSS 0.00199
Exploits: 1 · References: 3
Positive Technologies
added 2006/11/24 12:0 a.m. · 2 views

PT-2006-6739 · Unknown · Activenews Manager

Name of the Vulnerable Software and Affected Versions: ActiveNews Manager affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited...

CVSS 7.5 · AI score 8 · EPSS 0.02529
Exploits: 1 · References: 16
CVE
added 2006/06/24 1:0 a.m. · 48 views

CVE-2006-3211

The CVE-2006-3211 issue affects cjGuestbook versions 1.3 and earlier, located in sign.php. It is a cross-site scripting (XSS) vulnerability that lets remote attackers inject JavaScript by using a javascript: URI in an img BBCode tag within the comments parameter. Impact is partial integrity compr...

CVSS 4.3 · AI score 6.2 · EPSS 0.00709
Exploits: 0 · References: 6 · Affected Software: 1
Positive Technologies
added 2006/06/24 12:0 a.m. · 2 views

PT-2006-4106 · Unknown · Cjguestbook

Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier Description: The issue concerns a cross-site scripting XSS vulnerability. It allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.00709
Exploits: 0 · References: 7
NVD
added 2006/04/19 4:6 p.m. · 12 views

CVE-2006-1842

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters...

CVSS 2.6 · AI score 5.7 · EPSS 0.00527
Exploits: 0 · References: 6