EUVD-2018-8559

Malware in sbrugna...

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-19871)

DedeCMS is a PHP-based web content management system CMS. A cross-site scripting vulnerability exists in the /plus/feedbackajax.php file in DedeCMS version 5.7 SP2, which can be exploited by remote attackers to execute JavaScript code with the help of the onhashchange attribute in the 'msg'...

CVE-2018-16786

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedbackajax.php...

Cross site scripting

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedbackajax.php...

CVE-2018-16786

CVE-2018-16786 concerns DedeCMS 5.7 SP2, where a Cross-Site Scripting (XSS) flaw exists in the /plus/feedback_ajax.php file. The vulnerability is triggered via an onhashchange attribute in the msg parameter, allowing arbitrary JavaScript execution in the context of the affected user. The availabl...

CVE-2018-16759

The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...

CVE-2018-16759

The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...

Design/Logic Flaw

The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...

CVE-2018-16759

The CVE-2018-16759 entry concerns EasyCMS v1.4. The vulnerability is in the removeXSS function (App/Common/common.php), invoked by App/Modules/Index/Action/SearchAction.class.php, which allows cross-site scripting via an onhashchange event. The issue is concretely described across multiple source...