18 matches found
CVE-2026-28355
Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...
Gibbon 14.0.01 Frame Injection
Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...
CVE-2024-22569
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
POSCMS Security Breach
POSCMS is a content management system. A security vulnerability exists in POSCMS version v4.6.2. An attacker can exploit the vulnerability by executing arbitrary code via a specially crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
CVE-2023-44043
A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter...
CVE-2023-41601
Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...
PT-2022-25596 · Unknown · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP & CRM versions =15.0.3 Description: The issue allows malicious code to be inserted into the database and then executed by eval. By default, any administrator can be added to the installation page of dolibarr, and if successfully...
bugs cross-site scripting vulnerability (CNVD-2021-83572)
Bugs is a fork of the open source Tinyissue defect tracking system, maintained by Alexandre Plennevaux, an individual developer in Belgium. install/index.php in bugs 1.8 and earlier versions is vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary Web script or HT...
CVE-2021-40924
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
CVE-2019-17610
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter...
CVE-2019-7660
An issue was discovered in PHPMyWind 5.5. The username parameter of the /install/index.php page has a stored Cross-site Scripting (XSS) vulnerability, as demonstrated by admin/login.php...
CVE-2018-20448
Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI...
Monstra CMS 3.0.4 Cross Site Scripting
Exploit Title: Stored XSS at Monstra CMS 3.0.4 Install Page Date: 20.05.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: http://monstra.org/ Software Link: Monstra CMS Version: Monstra CMS 3.0.4 Tested on: Windows 10 / Debian - XAMPP Web Server PoC : https://www.youtube.com/watch?v=AQweKapFz...
Cosmo Arbitrary PHP Code Execution Vulnerability
Cosmo is a content management system (CMS) built on AngularJS and PHP. A security vulnerability exists in Cosmo version 1.0.0Beta6. The vulnerability can be exploited to execute arbitrary PHP code via the Database Prefix field in the Database Info screen on the localhost/Cosmo/install.php li...
OIC Exponent CMS Remote Code Execution Vulnerability (CNVD-2017-01760)
Exponent CMS is an open source content management system based on PHP, MySQL and Exponent Framework. A remote code execution vulnerability exists in the /install/index.php page of Exponent CMS, which can be exploited by an attacker to execute arbitrary code in an affected application environment....
Jaws 0.8.8 - Multiple Local File Inclusion Vulnerabilities
No description provided by source. Jaws 0.8.8 Local File Inclusion POST /upgrade/index.php language=../../../../../../../../../../../../etc/passwd%00 POST /install/index.php language=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: Introductioncomplete uselog Author notified: Ja...
Golabi CMS 1.0.1 - Session Poisoning
wWw.CrazyAngel.iR - info-AT-CrazyAngel.iR...