6 matches found
CVE-2022-31943
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability...
SUSE CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...
WordPress WooCommerce plugin < 9.4.3 - Unauthenticated Order Creation vulnerability
Unauthenticated Order Creation vulnerability discovered by Laszlo in WordPress Plugin WooCommerce versions 9.4.3...
GLPI Cross-Site Scripting Vulnerability (CNVD-2019-21438)
Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A cross-site scripting vulnerability exists in the inc/user.class.php file i...
UBUNTU-CVE-2019-13239
inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture...
PT-2008-2167 · F5 · F5 Big-Ip Application Security Manager
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Application Security Manager ASM version 9.4.3 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the report type parameter in the dms/policy/rep request.php...