3 matches found
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
Joyplus-cms 1.6.0 is affected by a cross-site scripting (XSS) vulnerability in manager/admin_ajax.php?action=save&tab={pre}vod_type, exploitable via the t_name parameter. Root cause: insufficient input sanitization that allows injected script/HTML. Impact: can inject arbitrary scripts into the vi...