5 matches found
Bypass check length at Add Folder feature lead to XSS in module=evvtgendoc
Description: I found stored XSS on https://demo.corebos.com/index.php?action=index&module=evvtgendoc after I used Add Folder. Proof of Concept: Step 1: Go to the Documents function https://demo.corebos.com/index.php?action=index&module=Documents and click Add Folder. Step 2: Intercept the request with Burp Suite...
CVE-2018-15633
Cross-site scripting (XSS) issue in the "document" module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames...
File upload vulnerability in aitecms
AIT Content Management System (aitecms) is a customer information management system developed with PHP + MySQL, the original dream core. aitecms has a file upload vulnerability: the publish document module does not validate uploaded pictures, so the attacker can use...
SA-CONTRIB-2014-102 - Document - Cross Site Scripting
Document module is a basic Document Management System for Drupal. Cross Site Scripting (XSS): The module wasn't sanitizing user input sufficiently in a few use cases. This vulnerability is mitigated by the fact that a user must have permissions to add or edit documents to be able to exploit the...
BrowserCRM 5.100.1 - contact_id SQL Injection
BrowserCRM 5.100.1 - contact_id SQL Injection. Source: https://www.securityfocus.com/bid/51060/info Browser CRM is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...