Improper Privilege Management
typo3/cms is vulnerable to Improper Privilege Management. The vulnerability is due to a link potentially allowing certain editing permissions if the admin panel is configured to be shown, which requires a valid preview link to exploit...
GHSA-V5JP-4H2P-J2P4 Privilege Escalation in TYPO3 CMS
The workspace/ version preview link created by a privileged backend user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability...
CVE-2023-43830
A cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...
PT-2023-21155 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 13.10.11; XWiki Platform versions prior to 14.4.7; XWiki Platform versions prior to 14.10-rc-1. Description: The issue allows any user with view rights to execute arbitrary Groovy, Python, or Velocity code in...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2018-25034)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site scripting vulnerability exists in Subrion CMS version 4.2.1. A remote attacker can exploit th...
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
#!/usr/bin/perl Date dd-mm-yyyy: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting (XSS) Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...