36 matches found
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload...
CVE-2020-10395
The CVE-2020-10395 issue affects Chadha PHPKB Standard Multi-Language 9 and is described as a Reflected Cross-Site Scripting (XSS) vulnerability. The Red Hat entries specify that URIs handled in admin/header.php can trigger XSS in various admin pages (e.g., admin/add-group.php, admin/add-article....
CVE-2020-10395
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-group.php by adding a question mark (?) followed by the payload...
CVE-2017-17580
CVE-2017-17580 affects FS Linkedin Clone 1.0 and is a SQL Injection vulnerability exploitable via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. The issue is evidenced by CVSS metrics (2.0: base score 7.5, PARTIAL impacts; 3.1: base score 9.8, HIGH i...
internationaltableware.com XSS vulnerability
Open Bug Bounty ID: OBB-255985

Description| Value
---|---
Affected Website:| internationaltableware.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS...
phpBugTracker 1.6.0 - Multiple Vulnerabilities
Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will asked to be...
Sql injection
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) action parameter to group.php or (2) user.php or the (3) locationid parameter to photos.php in php/...
PHP-AddressBook 6.2.4 - (group.php) SQL Injection Vulnerability
No description provided by source. Exploit Title : PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES Script : PHP-AddressBook v6.2.4 Language : PHP DESCRIPTION: Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays. vCards, LDI...
Sql injection
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to...
PHP Address Book Multiple Cross Site Scripting Vulnerabilities
This host is running PHP Address Book and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodphpaddressbookmultxssvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ PHP Address Book Multiple Cross Site Scripting Vulnerabilities Authors: Sooraj KS Copyright:...
CVE-2012-2903
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO to group.php, or the (2) targetlanguage or (3) targetflag parameter to translate.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO to group.php, or the (2) targetlanguage or (3) targetflag parameter to translate.php...
PHP-AddressBook 6.2.4 - group.php SQL Injection
PHP-AddressBook 6.2.4 - group.php SQL Injection Exploit Title : PHP-AddressBook v6.2.4 SQL INJECTION VULNERABILITIES Script : PHP-AddressBook v6.2.4 Language : PHP DESCRIPTION: Simple, web-based address & phone book, contact manager, organizer. Groups, addresses, e-Mails, phone numbers & birthdays...
PHPFinance 'group.php' SQL Injection and HTML Injection Vulnerabilities
PHPFinance is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
PHPFinance 'group.php' SQL Injection and HTML Injection Vulnerabilities
PHPFinance is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2006-0313
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php...