23 matches found
EUVD-2021-23936
Malware in sbrugna...
EUVD-2021-23935
Malware in sbrugna...
EUVD-2021-23934
Malware in sbrugna...
CVE-2021-37366
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...
CVE-2021-37365
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
CVE-2021-37367
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "blcategorieshelp.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands...
CVE-2021-37366
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...
CVE-2021-37367
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "blcategorieshelp.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands...
CVE-2021-37367
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "blcategorieshelp.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands...
CVE-2021-37366
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...
CVE-2021-37365
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
CVE-2021-37365
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
Cross site scripting
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
Cross site request forgery (csrf)
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...
Directory traversal
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "blcategorieshelp.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands...
CVE-2021-37365
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In blcategireshelp.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into th...
CVE-2021-37365
CTparental before 4.45.03 is affected by a stored XSS in the admin panel. The vulnerability arises from bl_categires_help.php, where the categories variable is populated with the raw content of the query string parameter cat without sanitization or encoding, allowing attackers to inject script in...
CVE-2021-37366
CVE-2021-37366 affects CTparental prior to version 4.45.03. The vulnerability is a cross-site request forgery (CSRF) in the CTparental admin panel, which—when combined with an XSS vector—could trick an administrator into clicking a link that cancels filtering for all standard users. The available...
CVE-2021-37366
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users...
CVE-2021-37367
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because the file "blcategorieshelp.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitrary commands...