10 matches found
EUVD-2020-11172
Malware in sbrugna...
CVE-2020-19266
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19267
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2020-19265
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19266
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
Cross-site scripting
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Basis/links component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
Cross-site request forgery (CSRF)
A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users...
CVE-2020-19268
CVE-2020-19268: CSRF in Dswjcms 1.6.4 (endpoint index.php/Dswjcms/User/tfAdd) allows authenticated attackers to arbitrarily add administrator users. Root cause: insufficient parameter validation/CSRF protection on tfAdd. Impact: unauthorized privilege escalation to admin. Exploitation details are...
CVE-2020-19266
A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...
CVE-2020-19265
The provided documents confirm a stored cross-site scripting (XSS) vulnerability in Dswjcms 1.6.4, specifically in the index.php/Dswjcms/Basis/links component. The root cause is lack of proper validation/escaping of input parameters in that component, enabling attackers to store and execute arbit...