12 matches found
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
EUVD-2018-11595
Malware in sbrugna...
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/userview.php adidasmemberemail variable...
Gitlab -- Gitlab
Gitlab reports: Stored XSS in Mermaid when viewing Markdown files Stored XSS in default branch name Perform Git actions with an impersonation token even if impersonation is disabled Tag and branch name confusion allows Developer to access protected CI variables New subscriptions generate OAuth...
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/userview.php adidasmemberemail variable...
CVE-2019-8290
Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sentregister.php allowing special characters to be included and an XSS payload to be injected...
CVE-2019-8289
Vulnerability in Online Store v1.0, stored XSS in admin/userview.php adidasmemberemail variable...
Sales & Company Management System Cross-Site Scripting Vulnerability
Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A cross-site scripting vulnerability exists in the memberemail.php file in SCMS 2018-06-06 and prior versions, which ca...
Sales & Company Management System Cross-Site Request Forgery Vulnerability
Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A cross-site request forgery vulnerability exists in the member/memberemail.php?action=edit URI in SCMS 2018-06-06 and...
CVE-2018-19923
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is member/memberemail.php?action=edit CSRF...
GitLab -- multiple vulnerabilities
GitLab reports: User without access to private Wiki can see it on the project page Matthias Burtscher reported that it was possible for a user to see a private Wiki on the project page without having the corresponding permission. E-mail address disclosure through member search fields Hugo Geoffro...
PHPmotion <= 2.1 CSRF Vulnerability
No description provided by source. PHPmotion = 2.1 CSRF vulnerability Author: Ausome1 Email: [email protected] Website: http://www.enigmagroup.org Description: Change a member's password and/or email...