138 matches found
CVE-2022-38527
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page...
Cross site scripting
UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page...
CVE-2022-38527
CVE-2022-38527: UCMS v1.6.0 contains a cross-site scripting (XSS) vulnerability via the Import function in the Site Management page. The provided sources consistently identify UCMS 1.6.0 and the Import function as the vulnerable vector, with the root cause described as an XSS flaw and no public ...
PT-2022-24436 · Ucms · Ucms
Name of the Vulnerable Software and Affected Versions: UCMS version 1.6.0 Description: A cross-site scripting (XSS) issue was found in UCMS via the Import function under the Site Management page. This allows for potential malicious script execution. Recommendations: For UCMS version 1.6.0, consider...
UCMS Cross-Site Scripting Vulnerability
UCMS is a content management system written in PHP. A security vulnerability exists in UCMS v1.6.0, which originates from the fact that an attacker can implement cross-site scripting via the Import function of its web management interface...
Openscad Buffer Error Vulnerability
Openscad is open-source software for creating solid 3D CAD objects. Openscad has a security vulnerability that stems from the fact that, when imported using import, a DXF-formatted drawing with certain (not necessarily incorrectly formatted!) attributes may result in an out-of-bounds...
CVE-2020-23060
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file...
SuiteCRM Path Traversal Vulnerability (CNVD-2021-88951)
SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that allows an attacker to include arbitrary files via the filename parameter portion of the Step3 import function...
Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
✍️ Description: The Import functionality in the application is vulnerable to CSRF attacks. 🕵️‍♂️ Proof of Concept: history.pushState('', '', '/') 💥 Impact: This vulnerability can let an attacker import data to the database without the knowledge/interaction of the user...
WordPress Plugin RSVPMaker Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2021-25838
The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload...
CVE-2021-25838
MintHCM Release 3.0.8 contains an XSS vulnerability in the Import feature during file-upload. The issue arises from the Import functionality allowing an attacker to inject and execute JavaScript in uploaded content, enabling cross-site scripting. Impact is limited to XSS as described in multiple ...
OpenMRS Input Validation Error Vulnerability (CNVD-2020-26250)
OpenMRS is an open source electronic medical record system from OpenMRS, Inc. in the United States. OpenMRS suffers from an input validation error vulnerability that stems from the import function of the data exchange module not properly redirecting to the login page. An attacker could exploit th...
WordPress ultimate-faqs plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An input validation error vulnerability exists in the Functions/EWDUFAQImport.php file in...
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity (XXE) Injection...