19 matches found
CVE-2026-6954
Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...
CVE-2026-6954
CVE-2026-6954 describes a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. The issue enables an attacker to execute JavaScript or inject a dynamic iframe in a victim’s browser by sending a malicious URL via the ‘urlDestino’ parameter in /portal.do, potentially expos...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-34093
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via accesstoken.php...
CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via requesttoken.php...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-34092
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via svg2img.php...
Cross site scripting
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via svg2img.php...
Cross site scripting
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via requesttoken.php...
Cross site scripting
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via accesstoken.php...
Cross site request forgery (csrf)
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-34094
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via requesttoken.php...
CVE-2022-34094
i3geo v7.0.5 has a cross-site scripting (XSS) flaw exposed via request_token.php . The connected nuclei template confirms the vulnerability and describes impact as attackers injecting JavaScript into parameters that run in users’ browsers (potential token/session risks). Remediation in the connec...
CVE-2022-34093
CVE-2022-34093 affects Software Publico Brasileiro i3geo v7.0.5. The connected documents confirm a cross-site scripting (XSS) vulnerability in access_token.php, allowing injection of malicious JavaScript that can run in users’ browsers and potentially steal session tokens or perform unauthorized ...
CVE-2022-34092
CVE-2022-34092 affects Portal do Software Publico Brasileiro i3geo v7.0.5 with a cross-site scripting (XSS) vulnerability via the svg2img.php component. The connected documents consistently describe the issue as an XSS condition stemming from svg2img.php, affecting i3geo 7.0.5, but do not provide...
CVE-2022-34093
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via accesstoken.php...
CVE-2022-34092
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting XSS vulnerability via svg2img.php...
CVE-2022-32409
CVE-2022-32409 affects Portal do Software Publico Brasileiro i3geo 7.0.5, with a local file inclusion in codemirror.php that allows arbitrary PHP code execution via a crafted HTTP request. Root cause: LFI in codemirror.php. Impact is reported as critical (CVSS 3.1: 9.8, HIGH confidentiality/ inte...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...