Lucene search
K

4 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.11 views

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.8AI score
Exploits0References1Affected Software1
Snyk
Snyk
added 2022/05/14 2:46 a.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple parameters such as setName, webappType, httpPort, dsName, description, phase, and url in different JSP pages. An attacker can inject arbitrary web script or HTML by sending crafted input to these...

6.1CVSS5.7AI score0.03998EPSS
Exploits5References2
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.5 views

Home Owners Collection Management System SQL注入漏洞

A SQL injection vulnerability exists in Home Owners Collection Management System v1.0, which originates in /hocms/classes/Master.php The vulnerability is caused by a lack of filtering and escaping of SQL data in ?f=deletephase. An attacker could exploit this vulnerability to cause SQL injection...

9.8CVSS6AI score0.01233EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2017/02/17 2:59 a.m.2 views

CVE-2016-4316

Multiple cross-site scripting XSS vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 setName parameter to identity-mgt/challenges-mgt.jsp; the 2 webappType or 3 httpPort parameter to webapp-list/webappinfo.jsp; the 4 dsName or 5 descriptio...

6.1CVSS5.4AI score0.03998EPSS
Exploits5References6
Rows per page
Query Builder