yapi 安全漏洞

YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...

MiniCMS 安全漏洞

MiniCMS is the minimalist content management system for personal websites. A cross-site scripting vulnerability exists in MiniCMS v.1.11, which stems from the lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary Web script or HTM...

HadSky 跨站脚本漏洞

HadSky is an original open source php lightweight forum system by the Chinese company HadSky. A cross-site scripting vulnerability exists in HadSky v7.6.3, which originates from the presence of cross-site scripting in the remote linking functionality that allows an attacker to execute arbitrary w...

CVE-2022-34560

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter...

phpFox 安全漏洞

phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox version v4.8.9. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the History parameter...

CVE-2024-32206

A stored cross-site scripting XSS vulnerability in the component \affiche\admin\index.php of WUZHICMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $formdata parameter...

CVE-2024-29958

Brocade SANnav (SANnav) up to v2.3.0a has a vulnerability where privileged users running the script to replace the SANnav Management Portal standby node can cause the encryption key to be printed to the console. This exposes the encryption key and creates an extra attack surface for key theft. Af...

TOTOLINK N300RT 安全漏洞

The TOTOLINK N300RT is a wireless router designed for home and small business users. The TOTOLINK N300RT suffers from a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data by the IP/Port Filtering feature of the Firewall page, an...

CVE-2024-32743

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SITE LANGUAGE CONFIG parameter under the Security module...

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

CVE-2024-32338

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE TITLE parameter under the Current Page module...

CVE-2024-32744

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE KEYWORDS parameter under the CURRENT PAGE module...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

MindsDB Cross-Site Scripting Vulnerability (CNVD-2024-26182)

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. MindsDB suffers from a cross-site scripting vulnerability. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute...

CVE-2024-32338

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, exploitable via a crafted payload in the PAGE TITLE parameter under the Current Page module. Impact: can disclose/modify data (low confidentiality and integrity impact) with no availability impact ...

CVE-2024-30950

A stored cross-site scripting XSS vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php...

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.4.3, which originates from a cross-site scripting XSS vulnerability in the Settings section. An attacker can exploit this vulnerability to execute arbitrary web script or...

CVE-2024-32337

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, allowing an attacker to inject arbitrary script or HTML via a crafted payload in the ADMIN LOGIN URL parameter under the Security module. The CVE is CVE-2024-32337. Affected component: Settings → S...