CVE-2019-11447

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...

Design/Logic Flaw

An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...

xss vulnerability in the profile area of cityleague's website builder system

City Union is a local portal alliance website organized by Beijing City Union Technology Co. There is an xss vulnerability in the profile area of the Cities Alliance website builder system, which can be exploited by attackers to insert malicious js code into the page, obtain user cookies and othe...

Tendoo CMS 1.3 - XSS Vulnerabilities

Introduction :a Stored And a Reflected XSS Vulnerability In Profile Area In Tendoo CMSMake CMS Vulnerable And Can Be Used For Stealing Admin Cookies And ....... . Stored Xss In http://localhost/tendoo/index.php/account/update In FirstName and Last Name InputsExcute Java Script Codes And If Admin ...

Tendoo CMS 1.3 - XSS Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability Google Dork: N/A Date: 28/7/2015 Exploit Author: Arash Khazaei Vendor Homepage: http://tendoo.org/ Software Link: http://sourceforge.net/projects/tendoo-cms/ Version: 1.3 Tested...

Tendoo CMS 1.3 - Cross-Site Scripting

Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability Google Dork: N/A Date: 28/7/2015 Exploit Author: Arash Khazaei Vendor Homepage: http://tendoo.org/ Software Link: http://sourceforge.net/projects/tendoo-cms/ Version: 1.3 Tested on: Kali , Windows CVE : N/A Contact : [email protected]...

Tendoo CMS 1.3 - Cross-Site Scripting

Tendoo CMS 1.3 - Cross-Site Scripting Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability Google Dork: N/A Date: 28/7/2015 Exploit Author: Arash Khazaei Vendor Homepage: http://tendoo.org/ Software Link: http://sourceforge.net/projects/tendoo-cms/ Version: 1.3 Tested on: Kali , Windo...

Tendoo CMS 1.3 Cross Site Scripting

Exploit Title: Tendoo CMS Stored And Reflected Xss Vulnerability Google Dork: N/A Date: 28/7/2015 Exploit Author: Arash Khazaei Vendor Homepage: http://tendoo.org/ Software Link: http://sourceforge.net/projects/tendoo-cms/ Version: 1.3 Tested on: Kali , Windows CVE : N/A Contact : [email protected]...