EUVD-2018-12928

Malware in sbrugna...

PT-2025-7316 · Phpjabbers · Phpjabbers Meeting Room Booking System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Meeting Room Booking System version 1.0 Description: The issue is related to a CSV Injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation on the...

WordPress YOP Poll plugin <= 6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability via Options Module

Stored Cross-Site Scripting XSS vulnerability via Options Module discovered by Vishnupriya Ilango in WordPress YOP Poll plugin versions = 6.3.0. Solution Update the WordPress YOP Poll plugin to the latest available version at least 6.3.1...

YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module

The plugin is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation ...

CVE-2020-36410

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module...

Cross site scripting

A stored cross scripting XSS vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Email address to receive notification of news submission" parameter under the "Options" module...

CMS Made Simple 跨站脚本漏洞

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

SZ NetChat Options Module Cross-Site Scripting Vulnerability

SZ NetChat is an online chat application.Options module is one of the menu modules. A cross-site scripting vulnerability exists in the MyName input field of the Options module in SZ NetChat versions prior to 7.9, which can be exploited by a remote attacker to inject commands that could affect the...

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

CVE-2018-20370

SZ NetChat before 7.9 is vulnerable to Cross-Site Scripting in the Options module (MyName input). The root cause is an XSS flaw in the MyName field, allowing a remote attacker to inject inputs that could compromise the enabled HTTP server web frontend. The public references consistently describe ...

CVE-2018-20370

SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend...

Directory traversal

Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magicquotesgpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. dot dot in the source parameter in a 1 list or 2 editnews action to the...