132 matches found
CVE-2018-17085
An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr...
CVE-2018-17086
OTCMS 3.61 is affected by CVE-2018-17086: a cross-site scripting (XSS) vulnerability in admin/share_switch.php exploitable via the fieldName, fieldName2, and tabName parameters. The root cause is likely insufficient input sanitization in these parameters, enabling injection of arbitrary HTML/JS. ...
CVE-2018-17085
CVE-2018-17085 affects OTCMS 3.61. The vulnerability is a cross-site scripting (XSS) flaw in admin/users.php exploitable via the dataTypeCN, dataMode, and dataModeStr parameters. Exploitation status is not documented in the provided materials. The CNVD entry similarly describes an XSS vector in O...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...
Cross site request forgery (csrf)
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...
CVE-2018-8973
OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWorddeal.php?mudi=add request...
CVE-2018-8973
OTCMS 3.20 is affected by a cross-site scripting (XSS) vulnerability exposed via adding a keyword or link to an article, demonstrated through an admin request to admin/keyWord_deal.php?mudi=add. The issue arises in the article/keyword handling mechanism and could allow injected script or HTML whe...
OTCMS PHP_V2.83 code execution vulnerability in sysCheckFile_deal.php file
Nettitanium Article Management System OTCMS is a news/article publishing website using PHP+sqlite/mysql. A code execution vulnerability exists in the OTCMS PHPV2.83 sysCheckFiledeal.php file. An attacker can obtain a webshell by executing sql statements and writing a one-sentence trojan...
XSS Vulnerability in otcms v2.5.6
Net Titanium Article Management System OTCMS is a simple and good asp article management system. An XSS vulnerability exists in otcms v2.5.6. An attacker can exploit this vulnerability to obtain sensitive information...
Cross-Site Scripting Vulnerability in OTCMS
OTCMS is a website article management system using ASP+ACCESS/MSSQL. OTCMS suffers from a cross-site scripting vulnerability due to the system's failure to strictly filter user input data. An attacker can exploit this vulnerability to implant cross-site code and launch cross-site scripting attack...