23 matches found
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
EUVD-2019-7113
Malware in sbrugna...
EUVD-2022-3847
Malicious code in bioql PyPI...
CVE-2019-14518
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel...
Insurance Management System security vulnerability
Insurance Management System is an insurance management system by Angel Jude Reyes Suarez, an individual developer. A security vulnerability exists in Insurance Management System v1.0, which originates from a cross-site scripting vulnerability in the Category Name parameter of the /core/newcategor...
GHSA-FX2M-5M9V-JHGP XSS in baserCMS before 4.1.4
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...
Cross-site Scripting (XSS) - Stored in boxbilling/boxbilling
Description: Stored XSS at parameter 'iconurl' when Create New Product, New Category or New Addon. Proof of Concept: // PoC.req POST /BoxBilling/src/index.php?url=/api/admin/product/update HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:94.0 Gecko/20100101...
Cross site scripting
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories - Add New Category - Name field. NOTE: this may overlap CVE-2017-16636...
CVE-2019-16334
CVE-2019-16334 corresponds to a persistent XSS vulnerability in Bludit v3.9.2, exploitable via the Categories → Add New Category → Name field. The linked sources consistently state a stored/persistent XSS risk affecting that UI entry, with a note that it may overlap CVE-2017-16636. No explicit expl...
PT-2019-13728 · Evolution Cms · Evolution Cms
Name of the Vulnerable Software and Affected Versions: Evolution CMS versions 2.0.x Description: The issue allows for XSS via a description and new category location in a template. The vendor states that the behavior is consistent with the access policy in the administration panel. Recommendation...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2019-09273)
BaserCMS is an enterprise CMS. A cross-site scripting vulnerability exists in the category name of the "Register New Category" feature in the "Upload" menu of BaserCMS before 4.1.4, which can be exploited via the dataUploaderCategoryname parameter of the admin/uploader/uploadercategories/ed...
Design/Logic Flaw
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...
CVE-2018-18943
An issue was discovered in baserCMS before 4.1.4. In the Register New Category feature of the Upload menu, the category name can be used for XSS via the dataUploaderCategoryname parameter to an admin/uploader/uploadercategories/edit URI...
Bludit Cross-Site Scripting Vulnerability
Bludit is a free, open-source, lightweight blog CMS (content management system). New page, new category and edit post function body message context are among its functional modules. New page is the module for adding a new page. New category is the module for adding a new category. New page is a new page a...
CVE-2017-16636
In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...
CVE-2015-2289
Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipitycatname parameter to serendipityadmin.php, when creating a new category...
CVE-2012-4226
Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Title, (2) Content, or (3) New category field to wordpress/ or (4) query string to wordpress/...