3 matches found
Cross site scripting
admin.php in BigTree through 4.2.18 has a Cross-site Scripting XSS vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Page action and entering the Navigation Title of a page that is scheduled for future publication aka a...
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and insecure-temporary-file-creation vulnerabilities. Attackers can exploit these issues to execute...
MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection
MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and...