31 matches found
GHSA-XJ9J-GJXG-7JVQ REDAXO CMS is vulnerable to RCE attack through its template management component
A Remote Code Execution (RCE) vulnerability in the template management component in REDAXO CMS 5.20.0 allows remote authenticated administrators to execute arbitrary operating system commands by injecting PHP code into an active template. The payload is executed when visitors access frontend pages...
LogicalDOC Community Edition Code Injection Vulnerability
LogicalDOC Community Edition is a documentation system from the Italian company LogicalDOC. A code injection vulnerability exists in LogicalDOC Community Edition 9.2.1 and earlier versions, which arises from incorrect manipulation of the parameters First Name/Last Name/Company/Address/Phone/Mobil...
WordPress Forge – Front-End Page Builder plugin <= 1.4.6 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata (Patchstack Alliance) in WordPress Plugin Forge – Front-End Page Builder versions <= 1.4.6...
CVE-2024-50810
hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView does not securely filter user input and renders it directly to the frontend page through templates...
Popup Anything < 2.1.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in a frontend page, leading to a Reflected Cross-Site Scripting. PoC: On a post/page where the paocdetails display="keyxxx" shortcode is embedded, append the following payload: ?xxx=11111%3Cscript%3Ealert/XSS/%3C/script%3E...
Malicious code in frontend-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b48e387b26f8929aeda3684e157dabf48eba36853154dcde122a0e843d5a43e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3227 Malicious code in frontend-page (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7b48e387b26f8929aeda3684e157dabf48eba36853154dcde122a0e843d5a43e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. PoC: Put the following payload in the 'Quote String' or 'Reply String' setting...
SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend re***.php Page
The Shield Spirit commodity promotion system can be applied to multiple types of public number; personal or business subscription numbers and service numbers can be used, and it is easy to dock with all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...
SQL injection vulnerability in the frontend Ti***_ne***.aspx page of Qixing Trouble Repair System
Qixing Fault Reporting System is an ASP.NET-based platform that helps organizations report faults. A SQL injection vulnerability exists in the frontend Tine.aspx page of the Qixing Fault Reporting System, which can be exploited by attackers to obtain sensitive information from the...
XSS vulnerability in Weiphp 5.0 frontend Au***.php page
WeiPHP is an open source WeChat public platform development framework that makes it easy to build a personal WeChat public account operation platform. An XSS vulnerability exists in the Weiphp 5.0 frontend Au.php page, which can be exploited by attackers to obtain an administrator cookie...
SQL Injection Vulnerability in Heybbs Frontend us***.php Page
Heybbs is a micro-community program with a front end based on bootstrap + jq + css and a back end developed in php + mysql. A SQL injection vulnerability exists in the Heybbs frontend us.php page, which an attacker can use to obtain sensitive database information...
74cms 4.2.26 SQL Injection Vulnerability in Frontend Co***.php Page
Knight Talent System (74cms) is a free, open source professional recruitment system built on PHP + MYSQL. A SQL injection vulnerability exists in the frontend Co.php page of 74cms 4.2.26. An attacker can exploit the vulnerability to obtain sensitive information from the...
XSS vulnerability in Popojicms frontend co***.php page
PopojiCMS is an open source content management system (CMS) based on the Popoji framework. The Popojicms frontend co.php page has an XSS vulnerability that can be exploited by attackers to inject arbitrary Web script or HTML...
SQL injection vulnerability in yiqicms frontend pr***.php file
Yiqicms is an open source, SEO-based marketing enterprise website system built with PHP+Mysql. There is a SQL injection vulnerability in the frontend pr.php file of yiqicms. Attackers can use this vulnerability to obtain sensitive information...
SemCms foreign trade website management system (PHP version) front co***.php page has xss vulnerability
SemCms is an open source website management system for foreign trade enterprises, compatible with IE, Firefox, google, 360 and other mainstream browsers. The front co.php page of the SemCms foreign trade website management system (PHP version) has xss...
WMCMS V4.250.513 SQL Injection Vulnerability in Frontend pa***.php Page
WMCMS is a free, open source professional Chinese labeling system built on PHP + MYSQL. A SQL injection vulnerability exists in the frontend pa.php page of WMCMS V4.250.513, which can be exploited by attackers to obtain sensitive database information...
Ctcms frontend cs***.php page has SQL injection vulnerability
Ctcms is a fast website building system that runs in a PHP+MYSQL environment. A SQL injection vulnerability exists in the Ctcms frontend cs.php page. An attacker can exploit the vulnerability to obtain sensitive database information...
WMCMS V4.250.513 SQL Injection Vulnerability in Frontend ca***.php Page
WMCMS is a free, open source professional Chinese labeling system built on PHP + MYSQL. A SQL injection vulnerability exists in the frontend ca.php page of WMCMS V4.250.513, which can be exploited by attackers to obtain sensitive database information...