412 matches found
CVE-2020-10407
The issue is a reflected XSS in Chadha PHPKB Standard Multi-Language 9 caused by how URIs are parsed in admin/header.php. The cve description notes it can be triggered in admin/edit-news.php by appending a payload after a question mark. Red Hat entries corroborate the URI-based XSS pattern affect...
CVE-2020-10397
CVE-2020-10397 affects Chadha PHPKB Standard Multi-Language 9. The issue is a Reflected XSS in URI handling within admin/header.php, exploitable via admin/add-news.php by appending a question mark ? followed by payload. The Red Hat connected records corroborate a pattern of Reflected XSS in admin...
60CycleCMS - (news.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: 60CycleCMS 2.5.2 - 'news.php' SQL Injection Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
60CycleCMS 2.5.2 SQL Injection
Exploit Title: 60CycleCMS 2.5.2 - 'news.php' SQL Injection Google Dork: N/A Date: 2020-03-07 Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
60CycleCMS - 'news.php' SQL Injection
Exploit Title: 60CycleCMS - 'news.php' Multiple vulnerability Google Dork: N/A Date: 2020-02-10 Exploit Author: Unkn0wn Vendor Homepage: http://davidvg.com/ Software Link: https://www.opensourcecms.com/60cyclecms Version: 2.5.2 Tested on: Ubuntu CVE : N/A...
Design/Logic Flaw
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...
CVE-2018-16361
An issue was discovered in BTITeam XBTIT 2.5.4. news.php allows XSS via the id parameter...
Cross site scripting
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS...
CVE-2018-14974
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS...
CVE-2018-14974
CVE-2018-14974 affects QCMS 3.0.1, with a cross-site scripting (XSS) flaw in upload/System/Controller/backend/news.php. CNVD describes remote exploitation to inject arbitrary script/HTML; CVSS3 base score 4.8 (MEDIUM). No remediation details provided in the supplied documents.
onehealthinitiative.com XSS vulnerability
Open Bug Bounty ID: OBB-650599 Description| Value ---|--- Affected Website:| onehealthinitiative.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Dimofinf CMS 3.0.0 - Cross-Site Scripting
Dimofinf CMS 3.0.0 - Cross-Site Scripting Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-13 Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS"...
education.gov.ag XSS vulnerability
Open Bug Bounty ID: OBB-631160 Description| Value ---|--- Affected Website:| education.gov.ag Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Dimofinf CMS Cross-Site Scripting Vulnerability
Dimofinf CMS is an Arabic content management system CMS written in PHP. A cross-site scripting vulnerability exists in the news.php file in Dimofinf CMS version 3.0.0. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML with the help of the 'id' paramete...
Cross site scripting
Cross-site scripting XSS vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2018-12094
Cross-site scripting XSS vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
mail.crpn.cn XSS vulnerability
Open Bug Bounty ID: OBB-626080 Description| Value ---|--- Affected Website:| mail.crpn.cn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Design/Logic Flaw
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php...
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php...
CVE-2018-11487
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php...