33 matches found
CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...
MingSoft Mcms SQL注入漏洞
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...
CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection SSTI vulnerability via the Template Management module...
MingSoft MCMS 代码问题漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A code issue vulnerability exists in MingSoft MCMS, which stems from a file upload vulnerability in MCMS version =5.2.5. An attacker can exploit this vulnerability to execute arbitrary code remotely...
Fortinet FortiPortal 代码问题漏洞
Fortinet FortiPortal is a hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs.Fortinet FortiPortal is vulnerable in versions 6.0.0 to 6.0.4, 5.3 .0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2...
Ruby on Rails Cross-Site Request Forgery Vulnerability (CNVD-2020-32423)
Ruby on Rails is a set of Rails team based on the Ruby language open source Web application framework. A cross-site request forgery vulnerability exists in Ruby on Rails versions prior to 5.2.5 and 6.0.4, which stems from a WEB application that does not adequately validate that a request is comin...
CVE-2019-17651
An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious JavaScript code into...
PT-2019-15858 · Alfresco · Alfresco Enterprise
Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5 Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...
Acrolinx Server for Windows Path Traversal Vulnerability
Acrolinx Server for Windows is a Windows-based intelligent language analysis server from Acrolinx Germany. A path traversal vulnerability exists in versions of Acrolinx Server for Windows based platforms prior to 5.2.5. No details of the vulnerability are available at this time...
Shopware content management system backend module cross-site scripting vulnerability
Shopware is the German Shopware company's open source e-commerce software. content management system backend modules is one of the content system backend module. A cross-site scripting vulnerability exists in the customer and order section of the content management system backend module in Shopwa...
wireshark: TN5250 infinite loop (wnpa-sec-2014-23)
The dissectwritestructuredfield function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service infinite loop via a crafted packet...
php htmlentities/htmlspecialchars multibyte sequences
The 1 htmlentities and 2 htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...