348 matches found
CVE-2019-7325
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $REQUEST'PHPSELF', without applying any proper filtration...
CVE-2019-7329
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
CVE-2019-7325
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $REQUEST'PHPSELF', without applying any proper filtration...
CVE-2019-7325
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $REQUEST'PHPSELF', without applying any proper filtration...
CVE-2019-7329
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
CVE-2019-7325
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as multiple views under web/skins/classic/views insecurely utilize $REQUEST'PHPSELF', without applying any proper filtration...
CVE-2019-7329
Reflected Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the form action on multiple views utilizes $SERVER'PHPSELF' insecurely, mishandling any arbitrary input appended to the webroot URL, without any proper filtration, leading to XSS...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php because $SERVER'PHPSELF' is mishandled...
Cross site scripting
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php because $SERVER'PHPSELF' is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php because $SERVER'PHPSELF' is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
FreeBSD : mantis -- multiple vulnerabilities (0822a4cf-9318-11e8-8d88-00e04c1ea73d)
mantis reports : Teun Beijers reported a cross-site scripting XSS vulnerability in the Edit Filter page which allows execution of arbitrary code if CSP settings permit it when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Omer Citak,...
mantis -- multiple vulnerabilities
mantis reports: Teun Beijers reported a cross-site scripting XSS vulnerability in the Edit Filter page which allows execution of arbitrary code if CSP settings permit it when displaying a filter with a crafted name. Prevent the attack by sanitizing the filter name before display. Ömer Cıtak,...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
Design/Logic Flaw
ILIAS 5.3.4 has XSS through unsanitized output of PHPSELF, related to shiblogout.php and third-party demo files...
CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHPSELF, related to shiblogout.php and third-party demo files...
CVE-2018-10665
ILIAS 5.3.4 has XSS through unsanitized output of PHPSELF, related to shiblogout.php and third-party demo files...
CVE-2018-10665
CVE-2018-10665 : A cross-site scripting (XSS) vulnerability affects ILIAS 5.3.4, caused by unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. Multiple connected sources (Red Hat, CNVD, NVD, OSV, CVE lists) confirm the issue as an XSS in ILIAS 5.3.4. The provide...
CVE-2018-10059
Cacti before 1.1.37 has XSS because the getcurrentpage function in lib/functions.php relies on $SERVER'PHPSELF' instead of $SERVER'SCRIPTNAME' to determine a page name...
ILIAS 5.3.4 XSS Vulnerability
ILIAS eLearning version 5.3.4 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...