28 matches found
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create"...
CVE-2018-19904
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field...
Cross site scripting
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field...
CVE-2018-19904
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field...
CVE-2018-19903
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field...
CVE-2018-19904
Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field...
CVE-2018-19904
CVE-2018-19904 corresponds to a Persistent XSS in XSLT CMS, exploitable via the create/?action=items.edit&type=Page endpoint in the body field. The vulnerability is documented across multiple sources (NVD entry and related advisories) and is described as XSS affecting the body field, with PoC ind...
CVE-2012-1198
baseagmain.php in Basic Analysis and Security Engine BASE 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action...