43 matches found
ImpressCMS Cross-Site Scripting Vulnerability (CNVD-2023-59104)
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS v1.4.5 and earlier versions, which stems from the lack of effective filtering and escaping of...
GHSA-667R-P4GG-7M2Q ImpressCMS Cross-site Scripting vulnerability
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
CVE-2023-37785
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
Cross site scripting
A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...
Smartshop 1 - Cross-Site Request Forgery
Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version...
Smartshop 1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Smartshop 1 - Cross site request forgery Exploit Author: L0RD or email protected Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage:...
Smartshop 1 Cross Site Request Forgery
Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version...
GForge < 4.6b2 (skill_delete) Remote SQL Injection Vulnerability
No description provided by source. Sql Injection Vulnerability In GForge Portcullis Security Advisory 07-014 Vulnerable System: All current versions till 4.6b2 Vulnerability Title: Sql Injection Vulnerability Discovery and Development: Portcullis Security Testing Services. Credit for Discovery:...
iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilities
Title: iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilities Date: 2012-06-02 References: http://www.vulnerability-lab.com/getcontent.php?id=588 VL-ID: 588 Common Vulnerability Scoring System: 8.3 Introduction:...
Viscacha 0.8.1 XSS / SQL Injection / Path Disclosure
Vulnerability ID: HTB22921 Reference: http://www.htbridge.ch/advisory/sqlinjectioninviscacha.html Product: Viscacha Vendor: MaMo Net http://www.viscacha.org Vulnerable Version: 0.8.1 Vendor Notification: 24 March 2011 Vulnerability Type: SQL Injection Risk level...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third...
CVE-2009-4567
Viscacha 0.8 Gold is affected by multiple XSS vulnerabilities in editprofile.php (profile2 action). Specifically, the parameters (1) skype, (2) yahoo, (3) aol, (4) msn, and (5) jabber can be abused to inject arbitrary web script/HTML. The issue is exploitable by remote authenticated users, but th...
CVE-2006-4881
Multiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txtjumpto parameter in (b) dropdown.php; the (3) txterror and (4) txttemplatenotexist parameter...
CVE-2006-3983
PHP remote file inclusion vulnerability in editprofile.php in phpReactor 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter...
CVE-2006-3983
CVE-2006-3983 : In php(Reactor) 1.27pl1, the editprofile.php component contains a remote file inclusion issue that allows remote attackers to execute arbitrary PHP code by supplying a URL in the pathtohomedir parameter. The connected documents confirm the vulnerability and the injection vector bu...
PhpReactor 1.2.7pl1 (pathtohomedir) Remote Inclusion Vulnerability
Exploit for unknown platform in category web applications. PhpReactor 1.2.7pl1 pathtohomedir Remote Inclusion Vulnerability. phpreactor 1.2.7 pl 1 pathtohomedir...
PhpReactor 1.2.7pl1 - pathtohomedir Remote File Inclusion
PhpReactor 1.2.7pl1 - pathtohomedir Remote File Inclusion www.system-defacers.org Found By CeNGiZ-HaN [email protected] phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability Vulnerable Code in editprofile.php //INCLUDE DB FUNCTIONS if!defined"REACTORINCDB"...