Cross-site Scripting (XSS)

nukeviet/nukeviet is vulnerable to cross-site scripting.The vulnerability exists in Request.php due to incorrectly neutralized user-controllable inputs which allows an attacker to inject and execute malicious javascript through Data URL Handler...

PT-2022-24992 · Unknown · Nukeviet Cms

Name of the Vulnerable Software and Affected Versions: NukeViet CMS versions prior to 4.5 Description: A vulnerability has been found in the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet lead...

Cross-site Scripting (XSS)

nukeviet/nukeviet is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the $preTag parameter in filterTags of Request.php...

Thinkphp 'Request.php' file code execution vulnerability

ThinkPHP is developed and maintained by the Shanghai Top Thinking Information Technology Co., Ltd. development and maintenance of the MVC structure of the open-source PHP framework. A code execution vulnerability exists in the Thinkphp 'Request.php' file. An attacker could exploit this...

Design/Logic Flaw

xowl/request.php in Ximdex 4.0 has XSS via the content parameter...

banks.rssing.com XSS vulnerability

Vulnerable URL: http://banks.rssing.com/request.php?req=gsearch=%22%3E%3Cimg%20src=x%20onerror=prompt%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5871 VIP...

feed.rssing.com XSS vulnerability

Vulnerable URL: http://feed.rssing.com/request.php?req=gsearch=%22%3E%3Cimg%20src=x%20onerror=prompt%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...

omnigooch-rocks.rssing.com XSS vulnerability

Vulnerable URL: http://omnigooch-rocks.rssing.com/request.php?req=gsearch%27%22%3E%3Csvg/onload=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.09.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

littleappletech.com XSS vulnerability

Open Bug Bounty ID: OBB-257672 Description| Value ---|--- Affected Website:| littleappletech.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

pentest205.rssing.com XSS vulnerability

Vulnerable URL: http://pentest205.rssing.com/request.php?req=gsearch=%22%3E%3Cimg%20src=x%20onerror=prompt%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 07.08.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5240...

editorsforum.org XSS vulnerability

Vulnerable URL: http://www.editorsforum.org/application-request.php Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2614143 Google Pagerank| 4 VIP website status:| No Check...

Sql injection

Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to 1 messagebox.php and 2 request.php...

CVE-2007-3218

Cross-site scripting XSS vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter...

PHP Live! Support XSS vuln.

PHP Live! Support XSS vuln. Vuln. discovered by : r0t Date: 12 June 2007 vendor:http://www.phplivesupport.com/ affected versions: 3.2.2 and prior orginal advisory: http://pridels-team.blogspot.com/2007/06/php-live-support-xss-vuln.html PHP Live! contains a flaw that allows a remote Cross-Site...