5084 matches found
CVE-2021-29029
Bitweaver 3.1.0 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject JavaScript through the /users/edit_personal_page.php URI. Root cause is unrelated input handling in that page, per multiple CVE references. Impact is variable depending on context but ...
CVE-2021-29029
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/editpersonalpage.php URI...
CVE-2021-29027
CVE-2021-29027 describes a cross-site scripting (XSS) vulnerability in Bitweaver v3.1.0 , where an attacker can inject JavaScript via the /users/index.php URI. The connected documents confirm Bitweaver 3.1.0 is affected and show no explicit details on the root cause, exploit conditions, or availa...
CVE-2021-29027
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI...
CVE-2021-29026
CVE-2021-29026 is a reported cross-site scripting (XSS) vulnerability in Bitweaver 3.1.0, exploitable via the /users/admin/permissions.php URI. The affected component is Bitweaver’s web application, with the underlying issue described as an XSS flaw that allows remote attackers to inject JavaScri...
CVE-2021-29025
A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22968)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "query" parameter...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22966)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "limit" parameter...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22965)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "refID" parameter...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22964)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "valueID" parameter...
DynPG Cross-Site Scripting Vulnerability
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability by injecting JavaScript via the "page" parameter...
Clansphere cross-site scripting vulnerability (CNVD-2021-22962)
ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "language" parameter...
Plone 跨站脚本漏洞
Plone is an open source content management system CMS built on the Zope application server. A cross-site scripting vulnerability exists in Plone version 5.2.3, which stems from the form.widgets.sitetitle parameter not effectively filtering user input, and can be exploited by an attacker to inject...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/usersimport.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/index.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/myimages.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/admin/useractivity.php URI...
Bitweaver 跨站脚本漏洞
Bitweaver is a free, open source web application framework and content management system. A cross-site scripting vulnerability exists in Bitweaver 3.1.0. A remote attacker can exploit this vulnerability to inject JavaScript via the /users/preferences.php URI...
DynPG Cross-Site Scripting Vulnerability (CNVD-2021-22967)
DynPG is a free open source software for managing web content and modules while focusing on business process automation. A cross-site scripting vulnerability exists in DynPG 4.9.2. A remote attacker can exploit this vulnerability to inject JavaScript via a URI in /index.php...
Clansphere Cross-Site Scripting Vulnerability
ClanSphere is a modular Web-CMS. A cross-site scripting vulnerability exists in Clansphere 2011.4. The vulnerability can be exploited to inject JavaScript via the "module" parameter...