4 matches found
The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple parameters such as setName, webappType, httpPort, dsName, description, phase, and url in different JSP pages. An attacker can inject arbitrary web script or HTML by sending crafted input to these...
Home Owners Collection Management System SQL注入漏洞
A SQL injection vulnerability exists in Home Owners Collection Management System v1.0, which originates in /hocms/classes/Master.php The vulnerability is caused by a lack of filtering and escaping of SQL data in ?f=deletephase. An attacker could exploit this vulnerability to cause SQL injection...
CVE-2016-4316
Multiple cross-site scripting XSS vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 setName parameter to identity-mgt/challenges-mgt.jsp; the 2 webappType or 3 httpPort parameter to webapp-list/webappinfo.jsp; the 4 dsName or 5 descriptio...