20 matches found
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...
EUVD-2018-10092
Malware in sbrugna...
EUVD-2019-17253
Malware in sbrugna...
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI...
CVE-2019-7721
lib/NCCms.class.php in nc-cms 3.5 allows upload of .php files via the index.php?action=save name and editordata parameters...
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI...
CVE-2018-18874
CVE-2018-18874 affects nc-cms up to 2017-03-10. Remote attackers can execute arbitrary PHP code via the Upload File or Image feature when uploading a file named *.php with Content-Type: application/octet-stream to index.php?action=file_manager_upload. The vulnerability description does not specif...
nc-cms cross-site scripting vulnerability (CNVD-2018-21238)
nc-cms is a PHP-based embeddable lightweight CMS Content Management System. A cross-site scripting vulnerability exists in the index.php?action=edit_html page in nc-cms 2017-03-10 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...
Design/Logic Flaw
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element...
CVE-2018-18361
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element...
CVE-2018-18361
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element...
CVE-2018-18361
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html allows XSS via the name parameter, as demonstrated by a value beginning with home_content and containing a crafted SRC attribute of an IMG element...
CVE-2018-18361
nc-cms (through 2017-03-10) contains a cross-site scripting (XSS) vulnerability in index.php?action=edit_html where the name parameter can inject arbitrary script/HTML via an IMG SRC attribute. This has been documented in CNVD-2018-21238 and related CVE-2018-18361 records, with exploit details in...
CVE-2018-18290
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...
Design/Logic Flaw
DISPUTED An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...
CVE-2018-18290
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...
CVE-2018-18290
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...
CVE-2018-18290
CVE-2018-18290 concerns nc-cms where an XSS vulnerability exists in the index.php?action=edit_html&name=home_content endpoint, exploitable via the HTML Source Editor. Affected software: nc-cms (through 2017-03-10). Root cause: input of JavaScript via the HTML Source Editor in that URI, with vendo...
CVE-2018-18290
An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality...
PT-2018-14394 · Nc Cms · Nc-Cms
Name of the Vulnerable Software and Affected Versions: nc-cms versions through 2017-03-10 Description: An issue was discovered that allows XSS via the HTML Source Editor in the "index.php?action=edit_html&name=home_content" endpoint. The vendor disputes this issue because the form requires...