5 matches found
Cross-Site Scripting (XSS)
mailman is vulnerable to cross-site scripting (XSS). A list owner is able to inject and execute arbitrary JavaScript in a user's browser via the listinfo pages...
mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages
A cross-site scripting (XSS) vulnerability has been discovered in mailman due to the hostname field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts...
Security update for mailman (moderate)
This update for mailman fixes the following issues: Security issue fixed: - CVE-2018-13796: Fix a content spoofing vulnerability with invalid list name messages inside the web UI (boo#1101288). Bug fixes: - update to 2.1.29: Fixed the listinfo and admin overview pages that were broken - update to...
PHPCMS V9 index.php cross-site scripting vulnerability
Vulnerable file: phpcms/modules/message/templates/index.php Vulnerable code: Line 176: $replyinfos = $this->messagedb->listinfo($where, $order = 'messageid ASC', $page, $pages = '10'); Line 191: $replyinfos = $this->messagedb->listinfo($where, $order = 'messageid ASC', $page, $pages = '10'); Vulnerable code: replace both line 176 and line 191 with: $replyinfos...
Phpcms 2008 space.api.php SQL injection vulnerability
Phpcms is a leading website content management system in China and is also an open-source PHP development framework. In the file api/space.api.php: $arrcontent = $content->listinfo("userid='$userid'", $order, 1, 10); // line 7 The listinfo function is in the file include/admin/content.class.php: function listinfo($where = '', $order = 'listorder DESC,contentid DESC', $page = 1, $pagesize = 50) // line 169 if($where...