14 matches found
EUVD-2019-2150
Malware in sbrugna...
EUVD-2009-1658
Malware in sbrugna...
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Account" section...
CMS Made Simple <= 2.2.12 Multiple Reflected XSS Vulnerabilities
CMS Made Simple is prone to multiple reflected cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2019-10107
CMS Made Simple version 2.2.10 contains a Cross‑Site Scripting (XSS) vulnerability in the myaccount.php “Email Address” field, reachable through My Preferences → My Account. The issue is documented across multiple sources (e.g., NVD CVE-2019-10107 and Red Hat/CNVD entries) as an XSS in CMSMS 2.2....
CVE-2018-20464
The CVE-2018-20464 entry affects CMS Made Simple 2.2.8 in the admin/myaccount.php module, with a reflected XSS vulnerability triggered when a user mailbox format is incorrect and the response echoes the previously entered email address. This is documented across multiple sources in the connected ...
CVE-2018-20464
There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. This vulnerability is triggered upon an attempt to modify a user's mailbox with the wrong format. The response contains the user's previously entered email address...
CVE-2009-3755
Multiple cross-site scripting XSS vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 index.php and 2 modules\base\myaccount.php; and the PATHINFO to 3 modulesview.php, 4 tabledefsoptions.php, and 5 adminsettings.php in...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 index.php and 2 modules\base\myaccount.php; and the PATHINFO to 3 modulesview.php, 4 tabledefsoptions.php, and 5 adminsettings.php in...
CVE-2009-1665
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields...
CVE-2009-1663
The CVE-2009-1663 detail describes an unrestricted file upload in Easy Scripts Answer and Question Script (myaccount.php). An attacker can upload a file with an executable extension to the uploads/[username] directory and access it directly to execute arbitrary code remotely. No remediation, patc...
CVE-2009-1665
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields...
Sql injection
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the 1 user name userid parameter and 2 password...
CVE-2009-1655
The vulnerability CVE-2009-1655 affects Easy Scripts Answer and Question Script, specifically the myaccount.php component. Multiple SQL injection vulnerabilities allow remote authenticated users to execute arbitrary SQL commands via the userid parameter (user name) and the password parameter. The...