9 matches found
EUVD-2018-8559
Malware in sbrugna...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-19871)
DedeCMS is a PHP-based web content management system CMS. A cross-site scripting vulnerability exists in the /plus/feedbackajax.php file in DedeCMS version 5.7 SP2, which can be exploited by remote attackers to execute JavaScript code with the help of the onhashchange attribute in the 'msg'...
Cross site scripting
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedbackajax.php...
CVE-2018-16786
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedbackajax.php...
CVE-2018-16786
CVE-2018-16786 concerns DedeCMS 5.7 SP2, where a Cross-Site Scripting (XSS) flaw exists in the /plus/feedback_ajax.php file. The vulnerability is triggered via an onhashchange attribute in the msg parameter, allowing arbitrary JavaScript execution in the context of the affected user. The availabl...
CVE-2018-16759
The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...
Design/Logic Flaw
The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...
CVE-2018-16759
The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...
CVE-2018-16759
The CVE-2018-16759 entry concerns EasyCMS v1.4. The vulnerability is in the removeXSS function (App/Common/common.php), invoked by App/Modules/Index/Action/SearchAction.class.php, which allows cross-site scripting via an onhashchange event. The issue is concretely described across multiple source...