27 matches found
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
CVE-2024-30855
DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /src/dede/makehtmllistaction.php...
PT-2025-53785
Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7 Description The software contains a Cross-Site Request Forgery CSRF issue. The vulnerability is located in the /src/dede/makehtml list action.php endpoint. A malicious actor can potentially cause a user to perform unintende...
CVE-2024-30855
DedeCMS v5.7 is identified as affected by a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /src/dede/makehtml_list_action.php. The CVE record notes a high-severity issue (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) with user interaction required, indicating potential impact t...
CVE-2024-33371
Cross Site Scripting vulnerability in DedeCMS v.5.7.113 allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtmllistaction.php component...
Debian DLA-2348-1 : php-horde-core security update
In Horde Groupware, there has been an XSS vulnerability in two components via the Color field in a Create Task List action. For Debian 9 stretch, this problem has been fixed in version 2.27.6+debian1-2+deb9u1. We recommend that you upgrade your php-horde-core packages. For the detailed security...
CVE-2012-1114
A Cross-Site Scripting XSS vulnerability exists in LDAP Account Manager LAM Pro 3.6 in the filter parameter to cmd.php in an export and exporterid action. and the filteruid parameter to list.php...
CVE-2019-15818
The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2014-100010
Cross-site scripting XSS vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php...
CVE-2014-100010
Cross-site scripting XSS vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php...
CVE-2014-4165
Cross-site scripting XSS vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
UBUNTU-CVE-2014-4165
Cross-site scripting XSS vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
Cross site scripting
Cross-site scripting XSS vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
CVE-2014-4165
CVE-2014-4165 is an XSS in ntop's web interface: lack of filtering in the title parameter of links to rrdPlugin allows remote attackers to inject script/HTML. Affected component is ntop’s web UI (plugins/rrdPlugin). Impact is XSS for users viewing the interface. Remediation: updated ntop packages...
CVE-2011-1667
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action...