18 matches found
CVE-2020-10425
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload...
CVE-2020-10405
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload...
CVE-2020-10394
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-glossary.php by adding a question mark (?) followed by the payload...
Cross site request forgery (csrf)
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request...
CVE-2020-10481
CVE-2020-10481 affects Chadha PHPKB Standard Multi-Language 9. The vulnerability is a CSRF weakness in the endpoint admin/add-glossary.php that allows an attacker to add a new glossary term via a crafted request. Documented CVSS v3.1 base score is 4.3 (Medium) with network attack vector, low atta...
CVE-2020-10476
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10476
CVE-2020-10476 is a reflected cross-site scripting vulnerability in Chadha PHPKB Standard Multi-Language 9. The flaw resides in admin/manage-glossary.php, where an unsanitized GET parameter sort can inject arbitrary web script or HTML. Red Hat and CNVD entries corroborate the same issue. Impact i...
CVE-2020-10466
CVE-2020-10466 affects Chadha PHPKB Standard Multi-Language 9. It is a reflected XSS in admin/edit-glossary.php triggered via the GET parameter p, allowing injection of arbitrary script/HTML. No exploit details are provided in the documents. A related PTSecurity advisory (PT-2020-12136) suggests ...
CVE-2020-10425
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-glossary.php by adding a question mark (?) followed by the payload...
CVE-2020-10405
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/edit-glossary.php by adding a question mark (?) followed by the payload...
sealifebase.ca XSS vulnerability
Open Bug Bounty ID: OBB-555847. Affected Website: sealifebase.ca. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
fishbase.ca XSS vulnerability
Vulnerable URL: http://www.fishbase.ca/Glossary/Glossary.php?q=%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29%3C%2Fscript%3E Details: Patched: No. Latest check for patch: 25.07.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: 4468499...
CVE-2004-1980
Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in the (1) module or (2) format variables...
Props 0.6.1 XSS and Remote File Viewing Vulnerability
Title: Props 0.6.1 XSS and Remote File Viewing Vulnerability. Software: Props 0.6.1 Vendor: http://props.sourceforge.net/ Platform: PHP4 and MySQL Description: PROPS is an open, extensible Internet publishing system designed specifically for periodicals such as newspapers and magazines who want t...
CVE-2004-0302
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php...
CVE-2004-0302
CVE-2004-0302 describes a directory traversal vulnerability in OWLS 1.0, where remote attackers could read arbitrary files by manipulating the .. (dot dot) in parameters of index.php (file), glossary.php (editfile), or newmultiplechoice.php (editfile). The issue is documented across multiple sour...