PT-2024-27340 · Unknown +1 · Suluformbundle +1

Name of the Vulnerable Software and Affected Versions: SuluFormBundle versions prior to 2.5.3 Description: The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field, which leads to XSS...

OpenEMR 路径遍历漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A local file inclusion vulnerability exists in versions of OpenEMR prior to 7.0.0,...

SQL Injection Vulnerability in Panmicro OA Office System

Panavision OA Office System is a coordination office software. Panmicro OA Office System suffers from a SQL injection vulnerability and a lack of filtering of the formName parameter, which can be exploited by an attacker to obtain sensitive information from a website database...

Directory traversal

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter...

CVE-2012-0991

Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. dot dot in the formname parameter to 1 contrib/acog/printform.php; or 2 loadform.php, 3 viewform.php, or 4 trendform.php in interface/patientfile/encounter...

CVE-2012-0791

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 composeCache, 2 rtemode, or 3 filename parameters to the compose page; 4 formname parameter to the...