65 matches found

ATTACKERKB
added 2022/04/25 10:15 a.m. | 11 views

CVE-2022-1457

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

9 CVSS | 6.9 AI score | 0.00374 EPSS
Exploits 1 | References 3

NVD
added 2022/04/25 10:15 a.m. | 13 views

CVE-2022-1457

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

9 CVSS | 0.00374 EPSS
Exploits 1 | References 2

Prion
added 2022/04/25 10:15 a.m. | 15 views

Cross site scripting

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

3.5 CVSS | 5.3 AI score | 0.00374 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2022/04/25 9:40 a.m. | 88 views

CVE-2022-1457

CVE-2022-1457 corresponds to a stored XSS vulnerability in the FacturaScripts project neorazorx/facturascripts, affecting the title parameter on EditUser and EditProducto pages prior to 2022.04. The issue allows an attacker to inject scripts that can exfiltrate data or compromise user sessions, w...

9 CVSS | 5.8 AI score | 0.00374 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/04/25 9:40 a.m. | 15 views

CVE-2022-1457 Store XSS in title parameter executing at EditUser Page & EditProducto page in neorazorx/facturascripts

Store XSS in title parameter executing at EditUser Page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the...

9 CVSS | 5.6 AI score | 0.00374 EPSS
Exploits 1 | References 2

CNNVD
added 2022/04/25 12:0 a.m. | 3 views

FacturaScripts cross-site scripting vulnerability

FacturaScripts is an open source ERP software from the individual developer Carlos Garcia in Spain. A cross-site scripting vulnerability exists in NeoRazorX FacturaScripts versions prior to 2022.04, which stems from a lack of filtering and escaping of the title parameter executed on the EditUser...

9 CVSS | 7.1 AI score | 0.00374 EPSS
Exploits 1 | References 4

OSV
added 2021/07/22 6:15 p.m. | 2 views

CVE-2020-36033

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php...

9.8 CVSS | 7.3 AI score | 0.00264 EPSS
Exploits 1 | References 1

ATTACKERKB
added 2021/07/22 6:15 p.m. | 2 views

CVE-2020-36033

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php...

9.8 CVSS | 5.7 AI score | 0.00264 EPSS
Exploits 1 | References 2

OSV
added 2021/06/21 5:15 a.m. | 2 views

CVE-2020-20474

White Shark System WSS 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the defaulttaskedituser.php files failing to filter the csatouser parameter. Remote attackers can exploit the vulnerability to obtain database sensitive information...

7.5 CVSS | 7.2 AI score | 0.00316 EPSS
Exploits 1 | References 1

CNNVD
added 2021/06/21 12:0 a.m. | 3 views

White Shark System SQL injection vulnerability

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A SQL injection vulnerability exists in White Shark...

7.5 CVSS | 6 AI score | 0.00316 EPSS
Exploits 1 | References 2

Prion
added 2018/04/27 4:29 p.m. | 14 views

Cross site request forgery (csrf)

An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...

6.8 CVSS | 8.7 AI score | 0.00134 EPSS
Exploits 1 | References 1

Cvelist
added 2018/04/27 4:0 p.m. | 12 views

CVE-2018-10503

An issue was discovered in index.php in baijiacms V4 v41420170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser...

8.8 AI score | 0.00134 EPSS
Exploits 1 | References 1

OSV
added 2017/11/24 7:29 a.m. | 1 views

CVE-2017-16935

Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account detail...

9.8 CVSS | 5.8 AI score
Exploits 0 | References 2

Packet Storm
added 2016/04/21 12:0 a.m. | 34 views

Exponent CMS 2.3.5 Cross Site Scripting

CVE-2015-8667 - Exponent CMS 2.3.5 Multiple Cross Site Scripting Vulnerabilities. Product: Exponent CMS; CVE: CVE-2015-8667; Author: Sachin Wagh; Affected Version: Exponent CMS 2.3.5; Fixed Version: Exponent CMS 2.3.7...

6.4 AI score | 0.00229 EPSS
Exploits 1

CNVD
added 2015/02/21 12:0 a.m. | 2 views

Multiple Cross-Site Scripting Vulnerabilities in Exponent CMS

OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A cross-site scripting...

4.3 CVSS | 6.1 AI score | 0.14775 EPSS
Exploits 5 | References 1

Prion
added 2015/02/19 3:59 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO, the (2) src parameter in a none action to index.php, or the (3) "First...

4.3 CVSS | 5.9 AI score | 0.14775 EPSS
Exploits 5 | References 8 | Affected Software 1

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

2daybiz Template Monster Clone (edituser.php) Change Pass Exploit

No description provided by source.

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. | 9 views

AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin Vuln

No description provided by source.

7.1 AI score
Exploits 0

Cvelist
added 2012/11/26 11:0 p.m. | 30 views

CVE-2010-5285

Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action...

7 AI score | 0.00449 EPSS
Exploits 1 | References 5

NVD
added 2012/10/06 9:55 p.m. | 9 views

CVE-2012-0987

Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x before 1.2.7 Final and 1.3.x before 1.3.1 Final allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the icmsConfigPluginssanitizerplugins parameter...

6 CVSS | 6.7 AI score | 0.01478 EPSS
Exploits 2 | References 7