Navidrome has XSS via comment from song metadata
Summary: An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. An attacker's maliciously crafted song has to be added to Navidrome to exploit the vulnerability. Details: The frontend is using React. In...
CVE-2020-36870
Various Ruijie Gateway EG and NBR models, firmware versions 11.16B9P1 and 11.94B12P1, contain a code execution vulnerability in the EWEB management system that can be abused via front-end functionality. Attackers can exploit front-end code when features such as guest authentication, local server...
EUVD-2020-23115
Malware in sbrugna...
CVE-2024-45612
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...
WordPress Page Builder Sandwich plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Savphill (Patchstack Alliance) in the WordPress plugin Page Builder Sandwich – Front-End Page Builder, versions <= 5.1.0...
CVE-2024-3774
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...
SQL injection
There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
SQL Injection Vulnerability in SemCms Frontend
SemCms is an open-source website management system for foreign-trade enterprises. SemCms has a front-end SQL injection vulnerability; attackers can exploit it to obtain sensitive information from the database...
Unauthorized access vulnerability in songcms front-end
SongCMS is a free, open-source, enterprise-oriented, multi-language CMS built on PHP/MySQL and ASP/Access/SQL Server that helps business users quickly build and deploy enterprise-level portals. An unauthorized access vulnerability exists in the front-end page of SongCMS. An attacke...
SQL Injection Vulnerability in the Front-end of the Intelligent Graphical Management System for Office Premises of New ChengSoft Technology Co.
The New ChengSoft intelligent graphical management system for office premises adopts a general-purpose functional design and is suited to government affairs management departments at the ministry, provincial, city, district and county levels, as well as to large enterprises, scientific research...
SQL Injection Vulnerability in the Front-end of Nanjing Benan's Hidden Trouble Investigation and Management Information System for Work Safety Accidents
Nanjing Benan Instrumentation Systems Co., Ltd. is committed to the design and development of hardware and software products in the field of work safety. A SQL injection vulnerability exists in the front-end of Nanjing Benan's information system for investigating and managing hidden productio...
Shop7z Online Shopping System Fashion Edition Frontend Sh***.asp File SQL Injection Vulnerability
Shop7z online shopping system supports Alipay, WeChat Pay and a variety of commonly used interfaces, and seamlessly combines the data of its PC, mobile and app versions. The Shop7z online shopping system Fashion Edition has a SQL injection vulnerability in the front-end Sh.asp file...
DOM-type cross-site scripting vulnerabilities in the front-end of Xingyunhai CMS (XYHcms)
Xingyunhai CMS (XYHcms) is a fully open-source content management system. The XYHcms front-end has DOM-based cross-site scripting vulnerabilities. Attackers can exploit them to insert JavaScript code into a request to obtain user cookies and other information...
Cloud EC e-commerce system SQL injection vulnerability in the front-end
Cloud EC e-commerce system (hereinafter referred to as Cloud EC) is open-source PHP + MySQL e-commerce software developed independently by Cloud MYSQL e-commerce Co. A SQL injection vulnerability exists in the Cloud EC front-end. Attackers can use the...
Stored Cross-Site Scripting Vulnerability in DuxCms Frontend
DuxCms is a PHP web content management system based on the HMVC pattern, aimed at SMEs, companies, news sites, individuals and related industries. The DuxCms front-end has a stored cross-site scripting vulnerability. Attackers can insert malicious JavaScript code into the front-end page to obtain user cookies and other...
BlueTech Enterprise Website Management System (PHP version) front-end arbitrary file download vulnerability
BlueTech Enterprise Website Management System (PHP version) is developed with PHP+MySQL and the MVC pattern. It supports pseudo-static URLs, can generate Google and Baidu maps, and supports custom URLs, keywords and descriptions in line with SEO standards. BlueTech enterprise website management system...
ShopsN 2.0 official version of the front-end enterprise_group method SQL injection vulnerability
ShopsN Mall system is a product of Shanghai Yiso Network Technology Co., Ltd: an enterprise-class, full-featured, open-source online store system that allows free commercial use. The ShopsN 2.0 official version has a SQL injection vulnerability in the front-end enterprise_group method...
WeiPHP v4.0 beta SQL Injection Vulnerability in Frontend UserTagController.class.php Page
WeiPHP is an open-source WeChat public platform development framework with which a personal WeChat official account operations platform can easily be built. A SQL injection vulnerability exists in the front-end UserTagController.class.php page of WeiPHP v4.0 beta. The vulnerability is due to the front page of the edi...