PT-2019-11436 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 6.0.4. Description: The issue affects the htdocs/product/stats/card.php component and allows for Cross-Site Scripting (XSS), which can lead to cookie stealing. The attack vector involves a victim clicking a specially crafted lin...
WP Google Maps Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wp-admin/admin.php file in versions of the WordPress...
CVE-2019-7569
An issue was discovered in DOYO aka doyocms 2.320140425 update. There is a CSRF vulnerability that can add a super administrator account via admin.php?c=aadminuser&a=add&run=1...
CVE-2018-18797
School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php...
SEMCMS Cross-Site Scripting Vulnerability (CNVD-2019-01722)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of admin/SEMCMSDownload.php?lgid=1 URI...
waimai Super Cms Cross Site Scripting Vulnerability
waimai Super Cms is a takeaway ordering system. The system is compatible with IE, Firefox, Chrome, Safari and Opera browsers. A cross-site scripting vulnerability exists in version 20150505 of waimai Super Cms. A remote attacker can exploit this vulnerability by sending the 'fcname' parameter to...
QCMS cross-site scripting vulnerability (CNVD-2019-10276)
QCMS is an open source content management system (CMS) for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/backend/system.php in QCMS 3.0.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...
CVE-2018-10107
D-Link DIR-815 REV. B with firmware through DIR-815REVBFIRMWAREPATCH2.07.B01 devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php...
DEBIAN-CVE-2018-8763
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=renameform URI...
CVE-2017-9764
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action...
CVE-2017-6562
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=XSS attack...
Zzcms V7.2 Arbitrary File Deletion Vulnerability
ZZCMS is an enterprise website builder. An arbitrary file deletion vulnerability exists in the '/user/delimg.php' page of Zzcms V7.2. An attacker can exploit the vulnerability to delete arbitrary files, or can cause a reinstallation...
UBUNTU-CVE-2016-2511
Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...
Fedora 16 : phpMyAdmin-3.5.2.2-1.fc16 (2012-12060)
phpMyAdmin 3.5.2.2 (2012-08-12) - security Fixed XSS vulnerabilities, see PMASA-2012-4 http://www.phpmyadmin.net/homepage/security/PMASA-2012-4.php phpMyAdmin 3.5.2.1 (2012-08-03) - security Fixed local path disclosure vulnerability, se...
VulnCheck KEV: CVE-2011-10033
The WordPress plugin is-human = v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval on user-controlled input, which can lead to execution...