42 matches found
CVE-2018-15562
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...
Code injection
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...
CVE-2018-15562
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php...
CVE-2018-15562
CMS ISWEB 3.5.3 is affected by a Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the parameters ordineRis, sezioneRicerca, or oggettiRicerca. The issue allows injection of arbitrary scripts/HTML, enabling remote attackers to run client-side code. Documented exploitation was...
CMS ISWEB 3.5.3 Cross Site Scripting
CMS ISWEB 3.5.3 XSS Reflected CVE CVE-2018-15562 Parameter vuln: ordineRis, sezioneRicerca oggettiRicerca PoC Prints: https://i.imgur.com/5YpESoC.png Vendor of Product http://www.isweb.it Attack Type Remote Attack Vectors Payload:" URL:...
CMS ISWEB 3.5.3 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...
CMS ISWEB 3.5.3 - Directory Traversal
CMS ISWEB 3.5.3 - Directory Traversal Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...
CMS ISWEB 3.5.3 Directory Traversal
Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...
CMS ISWEB 3.5.3 - Directory Traversal
Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file download, as demonstrated by...
isweb cms 3.0 (sql/xss) Multiple Vulnerabilities
No description provided by source. ■ IsWeb CMS v 3.0 $qL/XsS Multiple vulnerabilities --------------------------------------- AuToR: XaDoS SecurityCode Team Contact M&: xados at hotmail dot it B§g: Blind $ql inJection SIte vuln: http://www.cmsisweb.it --------------------------------------- ■ Bli...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via 1 the strcerca parameter aka the input field for the cerca action or 2 the idoggetto parameter. NOTE: some of these details are obtained from third par...
Sql injection
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the idsezione parameter...
CVE-2008-5934
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the idsezione parameter...
CVE-2008-5933
The CVE-2008-5933 entry documents multiple cross-site scripting (XSS) flaws in CMS ISWEB 3.0, specifically in index.php where the strcerca and id_oggetto parameters can be used to inject arbitrary web script or HTML. The vulnerability arises from unsafely handling these inputs, enabling an attack...
CVE-2008-5934
CVE-2008-5934 describes a SQL injection vulnerability in the CMS ISWEB 3.0, specifically in the file index.php, where the parameter id_sezione can be manipulated to cause arbitrary SQL commands to be executed by an attacker. The vulnerability is exploitable remotely and can affect the confidentia...
CVE-2008-5934
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the idsezione parameter...
CVE-2008-5933
Multiple cross-site scripting XSS vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via 1 the strcerca parameter aka the input field for the cerca action or 2 the idoggetto parameter. NOTE: some of these details are obtained from third par...
IsWeb CMS 3.0 (SQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. ■ IsWeb CMS v 3.0 $qL/XsS Multiple vulnerabilities --------------------------------------- AuToR: XaDoS SecurityCode Team Contact M&: xados at hotmail dot it B§g: Blind $ql inJection SIte vuln: http://www.cmsisweb.it --------------------------------------- ■ Bli...
IsWeb CMS 3.0 SQL Injection / XSS
■ IsWeb CMS v 3.0 $qL/XsS Multiple vulnerabilities --------------------------------------- AuToR: XaDoS SecurityCode Team Contact M&: xados at hotmail dot it B§g: Blind $ql inJection SIte vuln: http://www.cmsisweb.it --------------------------------------- DeM0: |:...
IsWeb CMS 3.0 (SQL/XSS) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================= IsWeb CMS 3.0 SQL/XSS Multiple Remote Vulnerabilities ======================================================= ¦ IsWeb CMS v 3.0 $qL/XsS Multiple vulnerabilities...