2 matches found
FortiWLM - stored cross-site scripting in hotspot profile controller
An improper neutralization of input during web page generation vulnerability 'Cross-site Scripting' CWE-79 in FortiWLM may allow an authenticated attacker to perform a stored cross site scripting attack XSS via storing malicious payloads and trigger the attack on victim's client via various...
ThinkCMF Arbitrary File Deletion Vulnerability
ThinkCMF is a CMS Content Management System based on ThinkPHP. An arbitrary file deletion vulnerability exists in the 'doavatar' function in the \application\User\Controller\ProfileController.class.php file in ThinkCMF version X2.2.3. An attacker can delete arbitrary files with the help of the...