37 matches found
CVE-2024-3463
A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The...
SourceCodester Laundry Management System 跨站脚本漏洞
Laundry Management System is a laundry management system. A cross-site scripting vulnerability exists in SourceCodester Laundry Management System version 1.0, which stems from a cross-site scripting attack on the karyawan parameter of the /karyawan/edit file...
CVE-2024-2821
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlinkedit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The...
CVE-2024-28672
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/mediaedit.php...
CVE-2024-28669
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/freelistedit.php...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
liuwy-dlsdys zhglxt Cross-Site Scripting Vulnerability
zhglxt is a web application by the Chinese liuwy-dlsdys individual developer. A cross-site scripting vulnerability exists in liuwy-dlsdys zhglxt version 4.7.7, which stems from the parameter notifyTitle in the file /oa/notify/edit that causes cross-site scripting...
CVE-2023-33479
RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file...
CVE-2023-1569
A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument UNAME with the input alert'1' leads to cross site scripting...
DuxCMS 安全漏洞
DuxCMS is an open source content management system. A security vulnerability exists in DuxCMS version 2.1, which originates from cross-site scripting due to manipulation of the content parameter in an unknown section of its Article Handler component admin.php&r=article/AdminContent/edit file. The...
CVE-2022-40403
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/featureedit.php...
Pagekit 跨站脚本漏洞
Pagekit is a modular, lightweight CMS Content Management System. A security vulnerability exists in Pagekit CMS v1.0.18. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Markdown text box under /blog/post/edit...
Online Ordering System SQL注入漏洞
Online Ordering System is a multi-store ordering system that can be used by any small business. an SQL injection vulnerability exists in Online Ordering System version v2.3.2, which originates from /ordering/admin/store/index.php?view=edit&id= Lack of validation of external input SQL statements c...
CVE-2022-30828
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photosedit.php...
Directory traversal
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...
CVE-2014-9362
Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...