PortlandLabs Concrete CMS 跨站脚本漏洞

PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and 9.0.0 through 9.1.2, which stems from susceptibility to a Reflective XSS attack,...

Cross-site Scripting (XSS)

concrete5/concrete5 is vulnerable to cross-site scripting. The vulnerability exists due to the insufficient sanitization in the input urls, allowing an attacker to inject and execute malicious javascript when using an older browser with built-in XSS protection is disabled...

CVE-2020-14319

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery CSRF which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorised users using an older browser with Adobe Flash are vulnerable when targeted by an attacker. This...

phpMyFAQ vulnerable to cross-site scripting

Overview phpMyFAQ is an open source FAQ software. phpMyFAQ contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. Solution Apply an Update Apply the appropriate update for the version of...