Lucene search
+L

52 matches found

Prion
Prion
added 2019/09/30 3:15 p.m.13 views

Cross site scripting

Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...

3.5CVSS4.8AI score0.00677EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/30 2:4 p.m.16 views

CVE-2019-17046

Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page...

7.5AI score0.0442EPSS
Exploits1References1
CVE
CVE
added 2019/09/30 2:4 p.m.100 views

CVE-2019-17046

CVE-2019-17046 affects Ilch 2.1.22. The vulnerability arises because PHP is listed under “Allowed files” on the index.php/admin/media/settings/index page, enabling remote code execution. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, osv.dev, CVE listings) as a remote code exe...

9CVSS7.4AI score0.0442EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/09/30 2:4 p.m.91 views

CVE-2019-17045

The CVE-2019-17045 entry concerns Ilch CMS 2.1.22 with a stored XSS in the Jobs Tab, exploitable via the title, text, or email id fields. Root cause cited by CNVD-2019-42862 is lack of proper validation of client-side data. Consequences include execution of client-side code in authenticated conte...

4.8CVSS4.8AI score0.00677EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/30 2:4 p.m.17 views

CVE-2019-17045

Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab...

4.9AI score0.00677EPSS
Exploits1References1
CNVD
CNVD
added 2015/02/28 12:0 a.m.4 views

Ilch CMS Cross-Site Request Forgery Vulnerability

Ilch CMS is a Content Management System CMS developed by the Ilch team in Germany, which eliminates the need for users to understand programming languages, modules, design, etc. by providing a simple and scalable base system. A cross-site request forgery vulnerability exists in Ilch CMS. A remote...

6.8CVSS6.9AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2015/02/25 10:59 p.m.24 views

CVE-2015-2083

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

6.8CVSS7AI score0.00641EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2015/02/25 10:59 p.m.3 views

CVE-2015-2083

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

6.8CVSS5.6AI score0.00641EPSS
Exploits1References3
Prion
Prion
added 2015/02/25 10:59 p.m.11 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

6.8CVSS7.6AI score0.00641EPSS
Exploits1References2
Cvelist
Cvelist
added 2015/02/25 10:0 p.m.26 views

CVE-2015-2083

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

7AI score0.00641EPSS
Exploits1References2
CVE
CVE
added 2015/02/25 10:0 p.m.42 views

CVE-2015-2083

CVE-2015-2083 describes a Cross-site Request Forgery (CSRF) in Ilch CMS. An attacker can exploit requests to admin.php with a profilefields action to add a value to a profile field, potentially hijacking an administrator’s session/authentication. The vulnerability is documented across multiple so...

6.8CVSS7.2AI score0.00641EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2015/02/18 12:0 a.m.32 views

Ilch CMS Cross Site Request Forgery

Affected software: Ilch cms Type of vulnerability: csrf URL: http://www.ilch.de/ Discovered by: Provensec Website: http://www.provensec.com Description: Ilch cms profile field csrf Proof of concept http://demo.opensourcecms.com/ilch/admin.php?profilefields online demo Above field was vulnerable t...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

ilchClan 1.0.5 (regist.php) SQL Injection Vulnerabiility

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- / \ \ \ \ | | | / / / // |/ | ' \ \ \ // / | | | | | | / / / |||| || \ \ Security Flaw in ilch clan 1.0.5 a,b,c,d,e,f! in regist.php /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Ilch CMS 2.0 - Persistent XSS Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Ilch CMS 1.1 'HTTP_X_FORWARDED_FOR' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33665/info Ilch CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.177 views

Cross-Site Scripting (XSS) in Ilch CMS

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3CVSS6.5AI score0.03295EPSS
Exploits6
NVD
NVD
added 2014/03/09 1:16 p.m.35 views

CVE-2014-1944

Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...

4.3CVSS5.6AI score0.03295EPSS
Exploits6References5
Prion
Prion
added 2014/03/09 1:16 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...

4.3CVSS6.1AI score0.03295EPSS
Exploits6References5Affected Software1
Cvelist
Cvelist
added 2014/03/07 8:0 p.m.35 views

CVE-2014-1944

Cross-site scripting XSS vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry...

5.6AI score0.03295EPSS
Exploits6References5
CVE
CVE
added 2014/03/07 8:0 p.m.64 views

CVE-2014-1944

CVE-2014-1944 describes a Cross-Site Scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier. The issue arises from insufficient sanitisation of the HTTP POST parameter text sent to /index.php/guestbook/index/newentry, allowing a remote unauthenticated user to inject arbitrary HTML/script that ...

4.3CVSS5.6AI score0.03295EPSS
Exploits6References5Affected Software1
Rows per page
Query Builder