45 matches found
CVE-2023-50760
Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...
PT-2024-13967 · Unknown · Online Notice Board System
Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...
CVE-2022-48111
A cross-site scripting XSS vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...
CVE-2022-48111
A cross-site scripting XSS vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...
PT-2023-15575 · Sipe S.R.L · Wi400
Name of the Vulnerable Software and Affected Versions: SIPE s.r.l WI400 versions 8 through 11 Description: A cross-site scripting XSS issue in the check login function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. This enables the...
SUSE CVE-2010-3906
Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...
Ambit Technologies Itech Movie Portal Script 安全漏洞
Ambit Technologies Itech Movie Portal Script is a Movie Portal Script from Ambit Technologies, USA. A security vulnerability exists in Ambit Technologies Itech Movie Portal Script version 7.36, which stems from some unknown functionality in movie.php, where manipulation of the parameter f can lea...
Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts...
VulnCheck KEV: CVE-2005-2847
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter...
S-CMS e-commerce system aj***.php page L_f*** parameter has SQL injection vulnerability
S-CMS e-commerce system is an e-commerce software. S-CMS e-commerce system aj.php page Lf parameter exists SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2019-01728)
DedeCMS is a PHP-based web content management system CMS. A cross-site scripting vulnerability exists in the /member/uploadsselect.php file in DedeCMS version 5.7 SP2, which can be exploited by a remote attacker with the help of the 'f' or 'keyword' parameter to A remote attacker can use the 'f' ...
CVE-2018-17832
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter...
CVE-2018-17832
WUZHICMS 2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the v and f GET parameters. The issue is described as XSS in the WUZHICMS 2.0 web application, with PoC references showing injected content via index.php?v= and index.php?f=. No explicit root-caus...
CVE-2018-13123
onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=rawview for the /etc/passwd file...
MediaWiki cross-site scripting vulnerability (CNVD-2015-05871)
MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki's thumb.php script. ...
DEBIAN-CVE-2015-6730
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
CVE-2015-6730
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
UBUNTU-CVE-2015-6730
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
CVE-2015-6730
Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...
DEBIAN-CVE-2010-3906
Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...