113 matches found
CVE-2019-16197
CVE-2019-16197 affects Dolibarr 10.0.1, where the value of the HTTP User-Agent header is echoed into the HTML page in htdocs/societe/card.php, causing a reflected XSS. The vulnerability stems from copying header text between HTML tags, allowing potentially injected scripts to execute in the conte...
CVE-2019-16197
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...
Cross-site Scripting (XSS)
dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The GETPOST functions in htdocs/product/stats/card.php, for example for the id parameter, are not properly validated, allowing an attacker to inject an arbitrary script which will send a specifically crafted link to the user to steal users'...
CVE-2019-1010016
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...
Cross site scripting
Dolibarr 6.0.4 is affected by: Cross Site Scripting (XSS). The impact is: Cookie stealing. The component is: htdocs/product/stats/card.php. The attack vector is: Victim must click a specially crafted link sent by the attacker...
CVE-2019-1010016
CVE-2019-1010016 affects Dolibarr 6.0.4 with a Cross-Site Scripting (XSS) vulnerability in the file htdocs/product/stats/card.php. The attack requires a victim to click a specially crafted link sent by the attacker, which can lead to cookie stealing. The provided documents confirm the vulnerable ...
Eventum Cross-Site Scripting Vulnerability (CNVD-2019-22273)
Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the htdocs/switch.php file in Eventum version 3.5.0, which stems from a lack of proper validation of client-side data in the...
Eventum Cross-Site Scripting Vulnerability (CNVD-2019-39381)
Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/list.php file in Eventum version 3.5.0. The vulnerability stems from the WEB application failing to properly...
CVE-2018-12628
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges...
CVE-2018-12623
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter...
Open redirect
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter...
CVE-2018-12621
CVE-2018-12621 affects Eventum 3.5.0 with an Open Redirect in /htdocs/switch.php via the current_page parameter. The issue enables redirection to arbitrary URLs. No explicit remediation or patch version is provided in the connected documents; details about exploit availability or mitigations are ...
CVE-2018-12621
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter...
CVE-2018-13983
ImpressCMS 1.3.10 is affected by an XSS vulnerability triggered via PATH_INFO to htdocs/install/index.php, htdocs/install/page_langselect.php, or htdocs/install/page_modcheck.php. The root cause is unvalidated PATH_INFO leading to cross-site scripting, enabling arbitrary HTML/JS execution in a us...
Cross site scripting
XSS vulnerability in htdocs/webinc/js/advparentctrlmap.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted...
CVE-2018-6529
XSS vulnerability in htdocs/webinc/js/bscsmsinbox.php in D-Link DIR-868L DIR868LA1FW112b04 and previous versions, DIR-865L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn...
CVE-2018-6528
CVE-2018-6528 refers to an XSS flaw in D-Link DIR-860L/865L/868L routers (bsc_sms_send.php) that allows a remote attacker to read cookies via a crafted receiver parameter to soap.cgi. Root cause: improper input validation in htdocs/webinc/body/bsc_sms_send.php. Affected firmware versions include ...