4 matches found
CVE-2022-35945
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated to registration key are not properly escaped in registration key configuration...
WonderCMS ADMIN LOGIN URL Parameter Cross-Site Scripting Vulnerability
WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the ADMIN LOGIN URL parameter of the Settings section, which can be exploite...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the issuanceno parameter on the /cupseasylive/stockissuanceprint.php page. An attacker...
blogspot.com窃取cookie漏洞
blogspot.com站点为Google的博客.因对过滤不严,造成漏洞。支持html,然后可以在其中插入类似如下内容.获取cookie blogspot 暂无 a onblur="javascript:alertdocument.cookie" href="http://bp3.blogger.com/er6f39OjAgE/RssqA2y7uNI/AAAAAAAAABk/BbeITZK9BAg/s1600-h/5af1scd.jpg"img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;&qu...