8 matches found
CVE-2020-37236
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...
EUVD-2018-11233
Malware in sbrugna...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
Cross site request forgery (csrf)
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
JEECMS Cross-Site Request Forgery Vulnerability (CNVD-2018-26785)
JEECMS is a set of China Jinlei technology development company using Java language development of content management system CMS. A cross-site request forgery vulnerability exists in JEECMS version 9.3. A remote attacker can exploit this vulnerability to add news with the help of...
Jax Calender admin bypass vulnerability
Exploit for php platform in category web applications ======================================= Jax Calender admin bypass vulnerability ======================================= Exploit Title: Jax Calender admin bypass vulnerability Date: 3.10.2010 Author: EraGoN Software Link:...
Новости
Product: Новости Version: 1.0 OffSite: http://xonix.ru Problem: Добавление новостей -------------------------------------- Можно добавлять новости без авторизации. http://target/admin/script.php?data=ENTERTHISYOURNEWS. Пример: http://target/admin/script.php?data=script.php?data=? system$cmd ? зат...