CVE-2023-3015

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The...

PT-2023-22558 · Unknown · Yiwent Vip Video Analysis

Name of the Vulnerable Software and Affected Versions: yiwent Vip Video Analysis version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file data/title.php. The manipulation of the titurl argument leads to server-side request forgery...

Cross-site Scripting (XSS)

bootstrap is vulnerable to Cross-site Scripting XSS. The attack exists because it does not escape the data-template, data-content and data-title options for tooltip/popover plugins, allowing to inject malicious script through it...

CVE-2018-19919

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...

Design/Logic Flaw

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...

CVE-2015-1040

Multiple cross-site scripting XSS vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 lrealname field in the editProfile form to index.php/home/profile; the 2 datatitle or 3 datadescription field in the...