6 matches found
Msvod 10 Cross Site Request Forgery
Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375 Msvod v10 has a CSRF vulnerability to change user information vi...
Msvod 10 - Cross-Site Request Forgery (Change User Information) Exploit
Exploit for php platform in category web applications Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375 Msvod v10 has a CSRF...
CVE-2019-11375
CVE-2019-11375 affects Msvod v10 and describes a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change user information via the URI /admin/member/edit.html. The Red Hat, ENISA EUVD, Exploit-DB, PacketStorm, and related entries corroborate the core issue: a CSRF flaw en...
CVE-2019-9660
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter...
CVE-2018-8078
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html...
CVE-2018-8078
CVE-2018-8078 affects YzmCMS 3.7, where a Stored XSS vulnerability exists in the title parameter of advertisement/adver/edit.html. The root cause is unescaped user input in the title field, enabling arbitrary script/HTML injection. Documented impact is XSS with low to medium severity depending on...