EUVD-2020-16872

Malware in sbrugna...

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

CVE-2024-44819

Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component...

PT-2024-31266 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the "admin/del.php" component. This flaw enables the attacker...

ZZCMS 安全漏洞

ZZCMS is a content management system CMS from the ZZCMS team in China. A security vulnerability exists in ZZCMS v.2023 and earlier versions. A remote attacker can exploit this vulnerability to obtain sensitive information via a specially crafted script to the pagename parameter of the admin/del.p...

WCMS Cross-Site Scripting Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

Directory traversal

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...

CVE-2020-24140

CVE-2020-24140 describes an SSRF in WCMS version 0.3.2. An attacker can craft requests via the pagename parameter to wex/html.php from the vulnerable web application’s back-end server, enabling discovery of open ports and local network hosts and the execution of commands on local services. The co...

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

CVE-2020-24138

Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...

CVE-2020-24138

CVE-2020-24138 is a Cross Site Scripting (XSS) vulnerability in WCMS 0.3.2. The issue allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. Connected sources (Red Hat, CNVD, NVD, OSV) all describe the same flaw in WCMS 0.3.2. No concrete explo...

WCMS 路径遍历漏洞

WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the pagename parameter of wex/html.php...

Wcms 代码问题漏洞

WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...

WCMS 跨站脚本漏洞

WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...

PT-2019-12884 · Zoho · Zoho Manageengine Assetexplorer

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine AssetExplorer affected versions not specified Description: An issue was discovered in Zoho ManageEngine AssetExplorer, where there is a cross-site scripting XSS issue via the ResourcesAttachments.jsp page with the pageName...

CVE-2007-5674

Directory traversal vulnerability in index.php in InstaGuide Weather aka Weather for PHP 1.0, when magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the PageName parameter...