150 matches found
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
CVE-2018-10073
joyplus-cms 1.6.0 has XSS in manager/adminvod.php via the keyword parameter...
CVE-2018-10073
The CVE-2018-10073 entry applies to joyplus-cms 1.6.0, where a cross-site scripting vulnerability exists in manager/admin_vod.php via the keyword parameter. Root cause is improper handling of the keyword input leading to XSS. Documents state the affected software and vulnerable parameter but do n...
Joyplus CMS Information Disclosure Vulnerability
Joyplus CMS is an efficient video movie website management system built with PHPmysql, independently developed by Zhi Jing Technology, which has been used as a backend management system for free products Joyplus Video, and after continuous improvement, it now has a complete functional system and...
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
Information disclosure
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
CVE-2018-10028
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...
CVE-2018-10028
Affected software: Joyplus CMS 1.6.0. Vulnerability: Information disclosure via direct requests to the install/ or log/ URIs, enabling remote attackers to obtain sensitive information. Root cause / notes: Documented across multiple sources (NVD, Red Hat, CNVD) with identical description; no expli...
joyplus-cms cross-site scripting vulnerability
joyplus-cms joy video is an open source video backend management system based on PHP and MySQL. The system has a video resource acquisition , user feedback management , automatic address resolution and message push management and other functions . A cross-site scripting vulnerability exists in...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
Design/Logic Flaw
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
Design/Logic Flaw
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8766
joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary File Upload issue in manager/editor/upload.php, related to manager/adminvod.php?action=add...
CVE-2018-8767
joyplus-cms 1.6.0 has XSS in manager/adminajax.php?action=save&tab=prevodtype via the tname parameter...