33 matches found
CVE-2009-0534
CVE-2009-0534 refers to a SQL injection vulnerability in FlexCMS. The affected component is the application’s handling of the catId parameter, which can be manipulated by an attacker to execute arbitrary SQL commands remotely. This vulnerability is documented across multiple sources (NVD entry an...
FlexCMS (catId) Remote SQL Injection Vulnerability
No description provided by source. AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...
FlexCMS 2.5 - catId SQL Injection
FlexCMS 2.5 - catId SQL Injection AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...
FlexCMS 2.5 - 'catId' SQL Injection
AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...
FlexCMS SQL Injection
AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...
Flex CMS (catId) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================== FlexCMS catId Remote SQL Injection Vulnerability ================================================== AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Develope...
CVE-2008-3715
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter...
CVE-2008-3715
Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter...
FlexCMS <= 2.5 Cross Site Scripting Vulnerability
---------------------------------------------------------------- Script : FlexCMS <= 2.5 Type : Cross Site Scripting Vulnerability Alert : Low ---------------------------------------------------------------- Download From : http://www.flexcms.com/...
flexcms-xss.txt
---------------------------------------------------------------- Script : FlexCMS alertdocument.cookie Attacker can hijack admin cookie with this vulnerability .... Solution for patch : filter PreviousColorsString variable with htmlspecialchars function...
FlexCMS 2.5 - inc-core-admin-editor-previouscolorsjs.php Cross-Site Scripting
FlexCMS 2.5 - inc-core-admin-editor-previouscolorsjs.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30709/info FlexCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue t...
FlexCMS 2.5 - 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30709/info FlexCMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...