2 matches found
CentOS Web Panel Cross-Site Scripting Vulnerability (CNVD-2019-12907)
CentOS Web Panel CWP is a free web hosting control panel. A cross-site scripting vulnerability exists in the email field in CWP versions 0.9.8.793 Free and 0.9.8.753 Pro, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this...
vBulletin Email Field XSS
According to its banner, the version of vBulletin installed on the remote host does not properly sanitize user-supplied-input to the email field in the 'profile.php' script. Using a specially crafted email address in his profile, an authenticated attacker can leverage this issue to inject arbitra...