85 matches found
CVE-2020-18022
Cross Site Scripting XSS in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component...
Cross site scripting
Cross Site Scripting XSS in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component...
CVE-2020-18022
CVE-2020-18022 affects Qibosoft QiboCMS v7 and earlier via a flaw in the embedded editor component (ewebeditor 3.1.1 / kindeditor.js). The vulnerability allows remote attackers to inject commands through HTTP requests, enabling Cross Site Scripting (XSS) that can lead to arbitrary code execution ...
CVE-2020-18022
Cross Site Scripting XSS in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component...
Qibosoft QiboCMS 跨站脚本漏洞
Qibo QiboCMS is a software application of China Qibo Qibo company. A website building CMS. A cross-site scripting vulnerability exists in Qibosoft QiboCMS v7 and earlier versions, which allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary comman...
XSS Vulnerability in eWebEditor Editor of Fuzhou Extreme Software Development Co.
eWebEditor is the browser-based, WYSIWYG online HTML editor. An XSS vulnerability exists in the eWebEditor editor of Fuzhou Extreme Software Development Co. that can be exploited by attackers to compromise confidentiality...
Unauthorized Access Vulnerability in Ewebeditor Editor of Fuzhou Extreme Software Development Co.
Fuzhou Extreme Software Development Co. eWebEditor editor is a browser-based online HTML editor. Fuzhou Extreme Software Development Co. eWebEditor editor has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
Authentication Bypass Vulnerability in CFCMS Editor
CFCMS is a self-service website building platform with full Flash as its core. There is an authentication bypass vulnerability in the editor \xmlEditor\eWebEditor\AdminStyle.asp used in CFCMS, which can be exploited by attackers to bypass the authentication and gain server privileges with Getshel...
Arbitrary File Upload Vulnerability in eWebEditor Editor of Fuzhou Extreme Software Development Co.
Fuzhou Extreme Software Development Co. eWebEditor editor is a browser-based online HTML editor. An arbitrary file upload vulnerability exists in the eWebEditor editor of Fuzhou Extreme Software Development Co. Due to logging into the backend via anonymous access or weak account/password...
万户OA默认安装ewebeditor导致文件上传漏洞
No description provided by source...
鸿信办公自动化系统中5.0 版本的ewebeditor默认配置可文件上传漏洞
No description provided by source...
QiboCMS v7 /ewebeditor/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/net.php 后门
/ewebeditor/ckfinder/plugins/fileeditor/codemirror/contrib/php/js/net.php?php errorreporting7; //设定错误讯息回报的等级 obstart; //打开缓冲区,当缓冲区激活时,所有来自PHP程序的非文件头信息均不会发送,而是保存在内部缓冲区。为了输出缓冲区的内容,可以使用obendflush或flush输出缓冲区的内容。 $mtime = explode' ', microtime; $starttime = $mtime1 + $mtime0; @settimelimit0;...
新云cms建站系统存在ewebeditor上传和iis解析漏洞可批量getshell
简要描述: 详细说明: 新云cms建站系统存在ewebeditor上传和iis解析漏洞,可批量getshell. 利用ewebeditor上传漏洞可以新建一个1.asp的文件夹,再配合iis的解析漏洞就可以成功的拿到shell. 可通过谷歌获得大量的漏洞网站,关键字如下: inurl:Showservices.asp?id= inurl:showkbxx.asp?id= None...
eWebEditor 1.x - (WYSIWYG) Remote File Upload
No description provided by source. ============================================================================= Tilte: eWebEditor v1.x WYSIWYG Remote File Upload . ============================================================================= Date....................: 22-05-2010...
eWebeditor ASP Version - Multiple Vulnerabilities
No description provided by source...
eWebeditor Directory Traversal
No description provided by source. Application Info: Name: eWebeditor Version: all version Vulnerability Info: Type: Directory Traversal Risk: Medium Vulnerability: http://site.com/admin/ewebeditor/admin/upload.asp?id=16&dviewmode=&dir =./...
eWebEditor 3.8 /ewebeditor/php/upload.php 文件上传漏洞
No description provided by source...
eWebEditor v3. 8 column directory vulnerability the [asp version]-a vulnerability warning-the black bar safety net
Title: asp eWebEditor v3. 8 column directory vulnerabilitiesother versions to test Vulnerability file: asp/browse. asp Vulnerability generated: | 1 | Sub InitParam ---|--- 2 | sType = the UCaseTrimRequest. QueryString"type" ---|--- 3 | sStyleName = TrimRequest. QueryString"style" ---|--- 4 |...
eWebEditor 数据库发现漏洞
No description provided by source...
eWebEditor 2.1.6 /upload.asp 文件上传漏洞
eWebEditor是一个基于浏览器的在线HTML编辑器,其 1.1.3 2.1.6版本/Upload.asp文件的InitUpload函数处第168行存在sql注入,这里并没有对请求中的参数style进行过滤。...