44 matches found
CVE-2024-4300
Summary of CVE-2024-4300 (FS-EZViewer(Web)) Affected software: E‑WEBInformationCo. FS‑EZViewer(Web). What is vulnerable: exposed sensitive information through the service; the page source reveals the database configuration file path without authentication, enabling access to credentials and datab...
CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure
E-WEBInformationCo. FS-EZViewerWeb exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and...
CVE-2023-43875
Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...
Subrion CMS Cross-Site Scripting Vulnerability
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports a variety of extensions plugins and more. A security vulnerability exists in Subrion CMS version v.4.2.1, which stems from a cross-site scripting XSS vulnerabili...
CVE-2023-41601
Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...
CVE-2023-41601
Multiple cross-site scripting XSS vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...
PT-2023-27994 · Csz Cms · Csz Cms
Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...
CSZ CMS Cross-Site Scripting Vulnerability
CSZ CMS is a PHP-based open source content management system CMS. A security vulnerability exists in CSZ CMS v1.3.0, which stems from multiple cross-site scripting XSS vulnerabilities in install/index.php that allow attackers to execute arbitrary web script or HTML with a crafted payload via the...
SUSE CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
Cross site scripting
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
UBUNTU-CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
CVE-2020-18670
CVE-2020-18670 affects Roundcube Webmail with stored XSS in /installer/test.php via database host/user input. Publicly documented impact is XSS vulnerability in Roundcube 1.3.x/LTS releases, with openSUSE advisories noting a fix by upgrading to Roundcube 1.3.16 (security update openSUSE-SU-2021:1...
CVE-2020-18670
Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...
tinyissue and Pixeline Bugs Code Injection Vulnerabilities
tinyissue is a defect tracking system. pixeline Bugs is a branch of tinyissue. A code injection vulnerability exists in the install/config-setup.php file in tinyissue version 1.3.1 and pixeline Bugs version 1.3.2c and earlier, which can be exploited to execute arbitrary PHP code with the...
CVE-2019-9002
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...