16 matches found
bootplus Injection Vulnerability
bootplus is a permission management framework by JoeyBling Personal Developer. An injection vulnerability exists in bootplus, which stems from the parameter sort/order in the file /admin/sys/menu/list that causes SQL injection...
CVE-2020-26713
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session informati...
Cross site scripting
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session informati...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18336)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9. The...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-18329)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflective cross-site scripting vulnerability exists in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9. The...
CVE-2020-10471
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10476
Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10472
Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10474
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10477
Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10469
Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
Cross site scripting
Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10476
CVE-2020-10476 is a reflected cross-site scripting vulnerability in Chadha PHPKB Standard Multi-Language 9. The flaw resides in admin/manage-glossary.php, where an unsanitized GET parameter sort can inject arbitrary web script or HTML. Red Hat and CNVD entries corroborate the same issue. Impact i...
CVE-2020-10473
CVE-2020-10473: A reflected cross-site scripting vulnerability in Chadha PHPKB Standard Multi-Language 9 affects the admin/manage-categories.php page. The issue arises from the GET parameter sort, allowing an attacker to inject arbitrary script/HTML. Affected component: PHPKB Core (admin UI). I...
CVE-2020-10473
Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10470
Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...