63 matches found
CVE-2019-11428
I, Librarian 4.10 has XSS via the export.php exportfiles parameter...
CVE-2019-7334
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
EUVD-2020-2843
Malware in sbrugna...
EUVD-2019-3103
Malware in sbrugna...
EUVD-2020-18382
Malware in sbrugna...
EUVD-2009-0539
Malware in sbrugna...
EUVD-2025-5126
Malicious code in bioql PyPI...
CVE-2012-10025
The WordPress plugin Advanced Custom Fields ACF version 3.5.1 and below contains a remote file inclusion RFI vulnerability in core/actions/export.php. When the PHP configuration directive allowurlinclude is enabled default: Off, an unauthenticated attacker can exploit the acfabspath POST paramete...
CVE-2024-13905 OneStore Sites <= 0.1.1 - Unauthenticated Blind Server-Side Request Forgery
The OneStore Sites plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.1.1 via the class-export.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and...
GHSA-GGWW-Q2GV-M3G4 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...
CVE-2021-38145
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the exportgroupid field when a low-privileged user client tries to export a form with data, e.g., manipulation of modules/exportmanager/export.php?exportgroupid=1&exportgroup1results=all&exporttypeid=1...
EyesOfNetwork eonweb Remote Command Execution Vulnerability
eonweb is the web interface for EyesOfNetwork. A remote command execution vulnerability exists in EyesOfNetwork eonweb version 5.3-11 and earlier. An attacker can exploit this vulnerability to execute commands via shell metacharacters in the nagiospath parameter of lilac/export.php...
CVE-2021-33525
EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution by authenticated users via shell metacharacters in the nagiospath parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell...
ZoneMinder < 1.34.21 Multiple XSS Vulnerabilities
ZoneMinder is prone to multiple cross-site scripting XSS vulnerabilities via the connkey parameter to download.php or export.php. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2020-52938)
ZoneMinder is a free and open source CCTV software application for Linux environments that supports IP, USB and analog cameras. A cross-site scripting vulnerability exists in ZoneMinder version 1.34.21. The vulnerability can be exploited to conduct cross-site scripting attacks via the connkey...
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
Design/Logic Flaw
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
CVE-2020-25729
ZoneMinder prior to 1.34.21 is affected by a cross-site scripting (XSS) vulnerability via the connkey parameter in download.php or export.php. The issue is documented across multiple sources (NVD, RH, CNVD, OSV, etc.) with the same description, indicating the vulnerability stems from unsanitized ...
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...