
113 matches found

Prion
added 2023/02/03 8:15 p.m., 13 views

SQL injection

A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/saveContractSignerRole.php. The manipulation of the argument n/v leads to SQL injection. The patch is identified as...

CVSS 7.5, AI score 8.1, EPSS 0.00349
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/12/17 12:00 a.m., 11 views

CVE-2022-4586 Opencaching Deutschland oc-server3 Cachelist cachelists.tpl cross site scripting

A vulnerability classified as problematic was found in Opencaching Deutschland oc-server3. This vulnerability affects unknown code of the file htdocs/templates2/ocstyle/cachelists.tpl of the component Cachelist Handler. The manipulation of the argument namefilter/byfilter leads to cross site...

CVSS 3.5, AI score 6.3, EPSS 0.00272
Exploits 0, References 3
Prion
added 2022/08/28 4:15 p.m., 22 views

Command injection

DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php...

CVSS 7.5, AI score 9.7, EPSS 0.07687
Exploits 1, References 2, Affected Software 1
Github Security Blog
added 2022/05/24 4:50 p.m., 10 views

Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

CVSS 6.1, AI score 6.7, EPSS 0.00199
Exploits 1, References 3, Affected Software 1
OSV
added 2022/05/24 4:50 p.m., 13 views

GHSA-97FP-5M87-R9MF Dolibarr Cross Site Scripting (XSS)

Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...

CVSS 6.1, AI score 6, EPSS 0.00199
Exploits 1, References 3
OSV
added 2022/05/24 4:45 p.m., 10 views

GHSA-G32Q-4FHF-CQ72 ImpressCMS XSS

ImpressCMS 1.3.10 has XSS via the PATHINFO to htdocs/install/index.php, htdocs/install/pagelangselect.php, or htdocs/install/pagemodcheck.php...

CVSS 6.1, AI score 5.9, EPSS 0.00285
Exploits 2, References 5
Github Security Blog
added 2022/05/17 4:46 a.m., 16 views

Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown

Cross-site scripting (XSS) vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...

CVSS 4.3, AI score 5.6, EPSS 0.00407
Exploits 1, References 9, Affected Software 1
OSV
added 2022/05/17 4:12 a.m., 12 views

GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete

Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...

CVSS 6.4, AI score 6.5, EPSS 0.18537
Exploits 3, References 6
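Added example for the ImpressCMS entry above (not the project's own code and not the fix shipped in 1.3.6): the advisory describes a cancel action that deletes whatever full pathname arrives in the imagepath parameter. The block contrasts that pattern with a resolver that canonicalises the path and only acts on it if it still lies inside the image directory, so absolute paths, `..` segments and symlinks that point outside are all refused. The directory layout, file names and the `cancel_edit` function are constructed for the demo.

```python
import os
import tempfile


def unsafe_resolve(image_path: str) -> str:
    # Vulnerable pattern modelled on the advisory (hypothetical, not
    # ImpressCMS code): the user-supplied value is taken as the path to
    # delete, so "/etc/passwd" or "../../config.php" is accepted verbatim.
    # It is returned rather than deleted so the demo stays harmless.
    return image_path


def safe_resolve(image_dir: str, image_path: str) -> str:
    """Return the canonical path of image_path only if it lies inside
    image_dir, otherwise raise ValueError.  The check is made on the
    resolved path, not on the string, so absolute paths, '..' segments and
    symlinks that leave the directory are all rejected."""
    base = os.path.realpath(image_dir)
    # os.path.join discards `base` when image_path is absolute; that case
    # is exactly what the commonpath comparison below catches.
    candidate = os.path.realpath(os.path.join(base, image_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes image directory: {image_path!r}")
    return candidate


def cancel_edit(image_dir: str, image_path: str) -> str:
    """Hardened 'cancel' action (hypothetical name): delete the temporary
    image only if it is inside image_dir.  Returns the resolved path."""
    target = safe_resolve(image_dir, image_path)
    if os.path.isfile(target):
        os.remove(target)
    return target


def demo() -> dict:
    """Exercise both resolvers in a throw-away directory (constructed input)."""
    with tempfile.TemporaryDirectory() as tmp:
        image_dir = os.path.join(tmp, "uploads")
        os.mkdir(image_dir)
        victim = os.path.join(tmp, "config.php")   # file outside uploads/
        open(victim, "w").close()
        legit = os.path.join(image_dir, "tmp_123.jpg")
        open(legit, "w").close()

        results = {}
        # The vulnerable resolver hands back whatever the attacker sent.
        results["unsafe_absolute"] = unsafe_resolve(victim) == victim
        # The hardened resolver refuses absolute and '..' paths ...
        rejected = []
        for bad in (victim, "../config.php", "/etc/passwd"):
            try:
                safe_resolve(image_dir, bad)
                rejected.append(False)
            except ValueError:
                rejected.append(True)
        results["rejected_all"] = all(rejected)
        # ... and still deletes a file that really is in the image directory.
        cancel_edit(image_dir, "tmp_123.jpg")
        results["legit_deleted"] = not os.path.exists(legit)
        results["victim_intact"] = os.path.exists(victim)
    return results


if __name__ == "__main__":
    print(demo())
```

The comparison uses `os.path.commonpath` on two `realpath` results rather than `startswith`, because `startswith` would accept a sibling directory such as `uploads_evil/` as being inside `uploads/`.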
Github Security Blog
added 2022/05/17 3:59 a.m., 20 views

Dolibarr ERP and CRM contain XSS Vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php...

CVSS 5.4, AI score 5.7, EPSS 0.00222
Exploits 1, References 7, Affected Software 1
Github Security Blog
added 2022/05/17 1:05 a.m., 17 views

Dolibarr ERP and CRM contain XSS Vulnerability

Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...

CVSS 5.4, AI score 5.7, EPSS 0.00122
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2022/05/17 12:53 a.m., 17 views

Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12)...

CVSS 5.4, AI score 5.7, EPSS 0.00122
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2022/05/14 3:50 a.m., 21 views

Dolibarr ERP and CRM contain XSS Vulnerability

The testsqlandscriptinject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS...

CVSS 6.1, AI score 6.9, EPSS 0.00199
Exploits 1, References 4, Affected Software 1
OSV
added 2022/05/14 3:50 a.m., 6 views

GHSA-QJQ9-WX5J-JRG6 Dolibarr ERP and CRM contain XSS Vulnerability

The testsqlandscriptinject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS...

CVSS 6.1, AI score 6.1, EPSS 0.00199
Exploits 1, References 4
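Added example for the two testsqlandscriptinject entries above (Github Security Blog and OSV). It is not Dolibarr's code: the denylist here is a hypothetical one that deliberately omits `onclick` and `onscroll` to reproduce the gap the advisory describes, and the payloads are constructed. The point it shows is structural: a filter that strips a fixed set of event attributes is bypassed by any attribute not on the list, whereas encoding the output for its HTML context leaves nothing for the browser to execute regardless of the input.

```python
import html
import re

# Hypothetical denylist modelled on the advisory: it strips some event
# handlers but not onclick or onscroll.  Not Dolibarr's actual list.
BLOCKED_EVENTS = ("onload", "onerror", "onmouseover", "onfocus", "onkeyup")

_EVENT_RE = re.compile(
    r"\b(" + "|".join(BLOCKED_EVENTS) + r")\s*=", re.IGNORECASE)


def denylist_filter(value: str) -> str:
    """Vulnerable approach: remove only the attributes somebody thought of."""
    return _EVENT_RE.sub("", value)


def escape_for_html_body(value: str) -> str:
    """Hardened approach: do not try to recognise attacks in the input,
    encode the output for the context it lands in.  For a text node or a
    quoted attribute value, html.escape(quote=True) turns <, >, &, " and '
    into entities, so no tag or attribute can be opened whatever came in."""
    return html.escape(value, quote=True)


def render_title(title: str, sanitizer) -> str:
    """Template fragment where a user-controlled title is interpolated."""
    return f"<h2>{sanitizer(title)}</h2>"


PAYLOADS = {  # constructed inputs, one per case
    "caught":   '<img src=x onerror=alert(1)>',
    "onclick":  '<a href=# onclick=alert(1)>click</a>',
    "onscroll": '<div style="overflow:scroll;height:1px" onscroll=alert(1)>x</div>',
}


def still_has_handler(rendered: str) -> bool:
    """True if the rendered HTML still carries an on* attribute inside a
    real tag, i.e. the payload survived sanitisation."""
    return re.search(r"<[^>]*\bon\w+\s*=", rendered, re.IGNORECASE) is not None


def evaluate() -> dict:
    """For each payload: does it survive the denylist, and does it survive
    output encoding?  Returns {name: (denylist_survives, escape_survives)}."""
    return {
        name: (
            still_has_handler(render_title(p, denylist_filter)),
            still_has_handler(render_title(p, escape_for_html_body)),
        )
        for name, p in PAYLOADS.items()
    }


if __name__ == "__main__":
    for name, (via_denylist, via_escape) in evaluate().items():
        print(f"{name:9s} denylist survives={via_denylist}  escape survives={via_escape}")
```

Only the `onerror` payload is stopped by the denylist; `onclick` and `onscroll` pass straight through, while output encoding neutralises all three. Adding the two missing names to the list would fix these payloads and nothing else, which is why the encode-on-output approach is the one to keep.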
Prion
added 2020/01/29 3:15 a.m., 15 views

Design/Logic Flaw

D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi in /htdocs/cgibin, because REMOTE_PORT is mishandled. The value of the urn: service/device is checked with the strstr function, which allows an...

CVSS 10, AI score 9.8, EPSS 0.05786
Exploits 0, References 3, Affected Software 1
Prion
added 2019/10/14 6:15 p.m., 19 views

Buffer overflow

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: remote arbitrary code execution. The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileaccess.cgi could allow an attacker to...

CVSS 7.5, AI score 9.8, EPSS 0.03012
Exploits 1, References 1, Affected Software 3
Cvelist
added 2019/10/14 5:03 p.m., 14 views

CVE-2017-14948

Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: remote arbitrary code execution. The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileaccess.cgi could allow an attacker to...

AI score 9.9, EPSS 0.03012
Exploits 1, References 1
CVE
added 2019/10/14 5:03 p.m., 103 views

CVE-2017-14948

The CVE-2017-14948 issue affects D-Link DIR-880L (1.08B04) and DIR-895 L/R (1.13b03) due to a buffer overflow in the htdocs/fileaccess.cgi component. A crafted HTTP request where CONTENT_TYPE begins with boundary= and exceeds 256 characters can trigger a buffer overflow, potentially enabling remo...

CVSS 9.8, AI score 9.8, EPSS 0.03012
Exploits 1, References 1, Affected Software 1
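Added example for the three CVE-2017-14948 entries above, written as a request-inspection check rather than an exploit, and not taken from D-Link firmware or from any published proof of concept. The advisory gives one concrete trigger condition: a CONTENT_TYPE value whose boundary parameter exceeds 256 characters, including the form where the header value begins directly with `boundary=`. The block parses the Content-Type header of a raw HTTP request, measures the boundary and flags it when it passes that limit, which is the check a reverse proxy or IDS rule in front of such a device would apply. The sample requests are constructed, and the `/fileaccess.cgi` target path is an assumption: the advisory names the component but not the URL it is served under.

```python
from typing import Optional

# Limit taken from the advisory: a boundary longer than 256 characters
# triggers the overflow in fileaccess.cgi.
BOUNDARY_LIMIT = 256


def parse_content_type(value: str) -> tuple:
    """Split a Content-Type value into (media_type, params).  Any ';'-separated
    part containing '=' is treated as a parameter, so a value that begins
    directly with 'boundary=' (the shape the advisory describes) is still
    picked up.  Quoted parameter values (RFC 2045) are unquoted so the length
    check applies to the boundary string the server would actually use."""
    media_type = ""
    params = {}
    for part in (p.strip() for p in value.split(";")):
        if "=" in part:
            k, v = part.split("=", 1)
            v = v.strip()
            if len(v) >= 2 and v[0] == v[-1] == '"':
                v = v[1:-1]
            params[k.strip().lower()] = v
        elif part and not media_type:
            media_type = part.lower()
    return media_type, params


def boundary_length(content_type: str) -> Optional[int]:
    """Length of the boundary parameter, or None if there is none."""
    _, params = parse_content_type(content_type)
    b = params.get("boundary")
    return None if b is None else len(b)


def inspect_request(raw: bytes) -> dict:
    """Inspect the head of a raw HTTP/1.1 request and report whether its
    Content-Type boundary exceeds BOUNDARY_LIMIT.  The CGI CONTENT_TYPE
    variable the advisory refers to is populated from this header, so the
    check is made here, before the request reaches the CGI."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        if ":" in line:
            k, v = line.split(":", 1)
            headers[k.strip().lower()] = v.strip()
    ct = headers.get("content-type", "")
    blen = boundary_length(ct) if ct else None
    return {
        "method": method,
        "target": target,
        "boundary_length": blen,
        "suspicious": blen is not None and blen > BOUNDARY_LIMIT,
    }


# Constructed sample requests (not captured traffic); the target path is a
# placeholder for wherever the device serves fileaccess.cgi.
BENIGN = (
    b"POST /fileaccess.cgi HTTP/1.1\r\n"
    b"Host: router\r\n"
    b"Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk\r\n"
    b"Content-Length: 0\r\n\r\n"
)
OVERSIZED = (
    b"POST /fileaccess.cgi HTTP/1.1\r\n"
    b"Host: router\r\n"
    b"Content-Type: multipart/form-data; boundary=" + b"A" * 300 + b"\r\n"
    b"Content-Length: 0\r\n\r\n"
)
# Header value beginning directly with boundary=, as the advisory words it.
BARE_BOUNDARY = (
    b"POST /fileaccess.cgi HTTP/1.1\r\n"
    b"Host: router\r\n"
    b"Content-Type: boundary=" + b"B" * 257 + b"\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("oversized", OVERSIZED), ("bare", BARE_BOUNDARY)):
        print(name, inspect_request(req))
```

The threshold is deliberately the advisory's exact figure; a deployment that cannot patch the firmware would normally pick a tighter limit (RFC 2046 caps a boundary at 70 characters), since nothing legitimate needs a boundary anywhere near 256 bytes.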
NVD
added 2019/09/16 1:15 p.m., 6 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS 6.1, AI score 6.1, EPSS 0.00154
Exploits 5, References 1
Prion
added 2019/09/16 1:15 p.m., 12 views

Cross site scripting

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS 4.3, AI score 6.1, EPSS 0.00154
Exploits 5, References 1, Affected Software 1
OSV
added 2019/09/16 1:15 p.m., 0 views

UBUNTU-CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS 6.1, AI score 5.8, EPSS 0.00154
Exploits 5, References 3