63 matches found
CVE-2020-25729
ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php...
CVE-2020-10390
OS Command Injection in export.php vulnerable function called from include/functions-article.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php...
Command injection
OS Command Injection in export.php vulnerable function called from include/functions-article.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by saving the code to be executed as the wkhtmltopdf path via admin/save-settings.php...
CVE-2020-10390
CVE-2020-10390 affects Chadha PHPKB Standard Multi-Language 9. The OS command injection exists in export.php (called from include/functions-article.php) allowing remote code execution by saving malicious code into the wkhtmltopdf path via admin/save-settings.php. This is documented across multipl...
CVE-2014-8674
Multiple Cross-Site Scripting XSS vulnerabilities exist in Simple Online Planning SOPlanning before 1.33 via the document.cookie in nbmois and mbligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code...
CVE-2019-11428
I, Librarian 4.10 has XSS via the export.php exportfiles parameter...
CVE-2019-11428
I, Librarian 4.10 has XSS via the export.php exportfiles parameter...
PT-2019-12307
Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...
CVE-2019-7334
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
UBUNTU-CVE-2019-7334
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export export.php because proper filtration is omitted...
Cross-Site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting XSS. The datatoexport parameter in /exports/export.php is not properly sanitized, which would allow a remote attacker to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the...
CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...
Cross site scripting
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...
CVE-2018-19799
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS...
Design/Logic Flaw
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...
CVE-2018-8056
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...
CVE-2018-8056
Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channelname parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php...
bqmc.upc.edu XSS vulnerability
Vulnerable URL: http://bqmc.upc.edu/export.php?bib=%22%3Etrolo%3Ci%3Etralala%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown...
boutique.allocadeau.com XSS vulnerability
Open Bug Bounty ID: OBB-191246 Description| Value ---|--- Affected Website:| boutique.allocadeau.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Multiple Vulnerabilities in ZKN Cyber Sentinel
ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing, and is deployed as a bypass at the network egress. ZKXN Network Sentry suffers from arbitrary file inclusion and arbitrary command execution vulnerabilities. The vulnerability...