5 matches found
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to Cross-site Scripting XSS. The vulnerability in the favorite feature of form.php because it fails to properly escape malicious characters before rendering. This allows an attacker to inject and execute malicious JavaScript in the web browser when accessing th...
body-parser-xml code issue vulnerability
body-parser-xml is an XML body parser that converts incoming XML data into a JSON representation. a code issue vulnerability exists in body-parser-xml, which stems from an error in the product's implementation of certain functionality. No details of the vulnerability are currently available...
CVE-2020-35284
Flamingo aka FlamingoIM through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product'...
Deserialization of untrusted data
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...
FaraBord Product's Shell Upload / Cross Site Scripting
Securitylab.ir Application Info: Name: FaraBord Product's Vendor: http://farabord.com Vulnerability Info: Type: Remote Arbitrary File Upload,XSS Risk: High Remote File Upload: http://site.ir/fckeditor/editor/filemanager/upload/test.html Shell.asp Rename to Shell.ASA Uploaded Here:...