50 matches found
CVE-2018-18062
The CVE-2018-18062 entry concerns tecrail Responsive FileManager 9.8.1, specifically a vulnerability in dialog.php that enables reflected XSS. An attacker can craft a URL to cause the hosting site's context to execute arbitrary script/HTML in a victim’s browser, potentially stealing cookie-based ...
CVE-2018-18061
Summary (CVE-2018-18061): tecrail Responsive FileManager 9.8.1 exposes an authentication bypass in its dialog.php, allowing remote attackers to access the file-management interface and perform file upload, edit, and delete actions. Concrete PoC references show that a secretkey parameter can bypass...
CVE-2017-7627
The "Smart related articles" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing JEXEC check)...
Type confusion
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (nart, type in GET method)...
CVE-2017-7626
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (nart, type in GET method)...
SQL injection
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use the searchcats variable in the POST method to exploit this vulnerability)...
CVE-2017-7628
The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use the searchcats variable in the POST method to exploit this vulnerability)...
XCart 5.2.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: XCart 5.2.6 Fixed in: 5.2.7 Fixed Version Link: https://www.x-cart.com/xc5kit Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/13/2015 Disclosed to public: 11/04/20...
CVE-2014-9582
CVE-2014-9582 affects Codiad 2.4.3 in components/filemanager/dialog.php, where the short_name parameter in a rename action enables cross-site scripting (XSS). This allows remote attackers to inject arbitrary web script or HTML. The issue is explicitly noted as originally mis-mapped to CVE-2014-11...
GroupDocs Viewer 1.4.1 - grpdocs-dialog.php Multiple Parameter XSS
The GroupDocs.Viewer for Cloud WordPress plugin was affected by a grpdocs-dialog.php Multiple Parameter XSS security vulnerability...
GroupDocs Document Annotation 1.3.8 - grpdocs-dialog.php Multiple Parameter XSS
The GroupDocs.Annotation for Cloud WordPress plugin was affected by a grpdocs-dialog.php Multiple Parameter XSS security vulnerability...
WordPress GroupDocs Document Annotation Plugin <= 1.3.8 - XSS
This plugin is prone to a cross-site scripting vulnerability in options.php and grpdocs-dialog.php. Solution: Update the plugin...
WordPress GroupDocs Viewer Plugin <= 1.4.1 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in options.php and grpdocs-dialog.php. Solution: Update the plugin...
WordPress GroupDocs Signature Plugin <= 1.2.0 - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability in grpdocs-dialog.php and options.php. Solution: Update the plugin...
CONTENTCustomizer 3.1 Dialog.PHP Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26291/info CONTENTCustomizer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may lead to further attacks. CONTENTCustomizer 3.1mp is vulnerable;...