21 matches found
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the fldTabHtml and fldFieldSelectorsHtml functions of Cp.php do not properly encode the tab and groupName parameters, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the fldTabHtml and fldFieldSelectorsHtml functions of Cp.php do not properly encode the tab and groupName parameters, allowing an attacker to inject and execute malicious JavaScript...
Craft CMS Cross site Scripting vulnerability
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
GHSA-WXVF-839F-JQMH Craft CMS Cross site Scripting vulnerability
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
Cross site scripting
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php...
pkusd.org XSS vulnerability
Vulnerable URL: http://www.pkusd.org/main/cp.php?"'--!confirmOPENBUGBOUNTY...
Comsenz SupeSite CMS 'cp.php' Cross-Site Scripting Vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from the Chinese company Comsenz. A cross-site scripting vulnerability exists in Comsenz SupeSite CMS, which arises from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser will execu...
Supesite front-end injection #3 (Delete)
Brief description: Delete. If ucenter and supesite share the same database, you can try to extract the uckey through the injection, and then…… Detailed description: In cp.php: $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; the file is included. In source/cpnews.php: ifempty$itemid // here, make $itemid non-empty...
Supesite front-end second-order injection
Brief description: Second-order injection. Detailed description: In cp.php: $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; the file is included. In source/cpnews.php: $newsarr = array'subject' = $POST'subject', 'catid' = $POST'catid', 'type' =...
Vikingboard Viking board 0.1.2 cp.php debug Variable Information Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/25060/info Vikingboard is prone to multiple information-disclosure weaknesses because attackers may disclose sensitive information that may be used in other attacks on the system. Vikingboard 0.1.2 is vulnerable; other...
opcms content management system 0day-vulnerability warning-the black bar safety net
Vulnerable file: the cp.php file contains a code execution vulnerability. http://127.0.0.1/cp.php?opc=phpinfo Background get the shell methods on the site information provided there, click on the email modified! Insert the following code ‘?>/...
CVE-2007-6237
cp.php in DeluxeBB 1.09 fails to verify that the membercookie matches the authenticated member during profile updates, enabling remote authenticated users to change e-mails for arbitrary accounts via a modified membercookie parameter (a different vector than CVE-2006-4078). This can be leveraged ...
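DeluxeBB CP.PHP Security Bypass Vulnerability
DeluxeBB is a PHP-based web application. DeluxeBB does not properly filter user-submitted URI data, and remote attackers can exploit the vulnerability to change administrator information. The problem is that the 'cp.php' script lacks filtering of user-submitted web parameters. When a user updates their own profile, DeluxeBB executes the following problematic code: $db-unbufferedquery"UPDATE ".$prefix."users SET email='$xemail', msn='$xmsn', icq='$xicq', ... WHERE username='$membercookie'"; The "membercookie" cookie can therefore be modified, for example to change a remote user's EMAI...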
Vikingboard 0.1.2 - cp.php Cross-Site Scripting
Vikingboard 0.1.2 - cp.php Cross-Site Scripting source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal...
Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/25056/info Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch oth...
Vikingboard 0.1.2 - cp.php Information Disclosure
Vikingboard 0.1.2 - cp.php Information Disclosure source: https://www.securityfocus.com/bid/25060/info Vikingboard is prone to multiple information-disclosure weaknesses because attackers may disclose sensitive information that may be used in other attacks on the system. Vikingboard 0.1.2 is...
Vikingboard 0.1.2 - 'cp.php' Information Disclosure
source: https://www.securityfocus.com/bid/25060/info Vikingboard is prone to multiple information-disclosure weaknesses because attackers may disclose sensitive information that may be used in other attacks on the system. Vikingboard 0.1.2 is vulnerable; other versions may also be affected...