18 matches found
Statamic Security Vulnerability
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. There were security vulnerabilities in versions prior to Statamic 5.73.21 and 6.15.0, where the password form’s respons...
CVE-2026-33883
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the user:resetpasswordform tag could render user-input directly into HTML without escaping, allowing an attacker to craft a URL that executes arbitrary JavaScript in the victim's browser. Thi...
EUVD-2011-4648
Malware in sbrugna...
EUVD-2018-1921
Malware in sbrugna...
EUVD-2018-5295
Malware in sbrugna...
CVE-2025-52899 Tuleap vulnerable to user enumeration via the lost password form
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot password form allows for user enumeration. This is fixed ...
CVE-2022-23619
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been...
CVE-2024-24721
An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel...
Information exposure in xwiki-platform
Impact: It's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. Patches: The problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Workarounds: There's no easy workaround other than applying the upgrade...
CVE-2022-23619 Information exposure in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been...
TerraMaster TOS Cross-Site Scripting Vulnerability (CNVD-2019-00668)
TerraMaster TOS is a dedicated storage-server operating system based on the Linux platform, developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. A cross-site scripting vulnerability exists in Control Panel in TerraMaster TOS...
Cross site scripting
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form...
CVE-2018-13351
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form...
CVE-2011-3344
A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session...
CVE-2011-4851
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tool...
CVE-2011-4757
Parallels Plesk Small Business Panel 10.2.0 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in smb/auth and certain other files...
Easy and sun Shopping Mall v1.4 Cookies injection vulnerability - vulnerability warning - the black bar safety net
Easy and sun Shopping Mall v1.4 Cookies injection vulnerability. This injection vulnerability seems to occur in the Home Shopping system. Looks like the network fun. The problem occurs in the getpwd4.asp page. See the code: % username=request"username" passwd=md5trimrequest. form"passwd",1 6 set...