10 matches found
pgAdmin Security Vulnerability
pgAdmin is an open source administration and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin version 8.5 and prior versions that originated from a vulnerability that allows an attacker who knows the username and password of a legitimate...
Shopizer Cross-Site Scripting Vulnerability (CNVD-2022-70092)
Shopizer is a Java-based e-commerce solution from the Shopizer team. 2.0 to 2.17.0 versions of Shopizer are vulnerable to a cross-site scripting vulnerability in which the file name under the "Manage Files" tab lacks validation filters for user-supplied and output data. An attacker could use this...
CVE-2022-23060
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...
CVE-2022-23060
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...
Cross site scripting
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...
CVE-2022-23060 Shopizer - Stored XSS in Manage Files
A Stored Cross Site Scripting XSS vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user attacker can inject malicious JavaScript in the filename under the “Manage files” tab...
Shopizer Cross-Site Scripting Vulnerability
Shopizer is a Java-based e-commerce solution from the Shopizer team. 2.0 to 2.17.0 versions of Shopizer are vulnerable to a cross-site scripting vulnerability in which the file name under the "Manage Files" tab lacks validation filters for user-supplied and output data. An attacker could use this...
Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated)
Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...
Enigma NMS 65.0.0 - Cross-Site Request Forgery
Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...
CVE-2016-10731
ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...