CVE-2017-1000480
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that do not sanitize template name...
Code injection
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that do not sanitize template name...
74cms front-end type parameter template engine injection vulnerability
This is a server-side template injection vulnerability. Application/Home/Controller/MController.class.php apply'Mobile' redirectbuildmobileurl; $type = I'get. type','android','trim'; $androiddownloadurl = C'qscmsandroiddownload'? C'qscmsandroiddownload':"; $iosdownloadurl = C'qscmsiosdownload'?...
Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
Overview A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server. Impact An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts. The vulnerability does not affect the products if t...