LightCMS Cross-Site Scripting Vulnerability

LightCMS is a lightweight content management system CMS that can also be used as a general-purpose back-office management framework. A cross-site scripting vulnerability exists in LightCMS v1.3.4 that allows an attacker to execute HTML or JavaScript code to manage sensitive words in a vulnerable...

LightCMS v跨站脚本漏洞

LightCMS is a lightweight content management system CMS that can also be used as a general-purpose back-office management framework. A cross-site scripting vulnerability exists in LightCMS v1.3.4 that allows an attacker to execute HTML or JavaScript code to manage sensitive words in a vulnerable...

XDCMS企业管理系统SQL注入#1

简要描述： 最新版XDCMS企业管理系统，由于过滤不严，可绕过限制，导致多处SQL注入 详细说明： 注入在XDCMS企业管理系统的注册功能处，来看看\system\modules\member\index.php文件： 注册时会调用registersave，问题就出在index.php的registersave函数处： public function registersave $username=safehtml$POST'username';//获取UserName，这里用safehtml函数进行过滤 $password=$POST'password';...