35 matches found

Snyk
added 2025/03/11 11:44 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: microweber/microweber is a new generation CMS with drag and drop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the group argument in the Settings Handler due to improper sanitization before being rendered on the page. Details...

CVSS 6.1 · AI score 5.3 · EPSS 0.00132
Exploits: 1 · References: 2

CVE
added 2025/03/11 11:31 p.m. · 67 views

CVE-2025-2214

CVE-2025-2214 affects Microweber 2.0.19. The vulnerability is an XSS in the Settings Handler, triggered by manipulating the group argument in the file path userfiles/modules/settings/group/website_group/index.php. It can be exploited remotely and the public PoC has been disclosed. No fixed versio...

CVSS 6.1 · AI score 3.7 · EPSS 0.00132
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2025/01/02 11:15 a.m. · 2 views

CVE-2024-13104

A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch t...

CVSS 5.3 · AI score 5.3 · EPSS 0.00149
Exploits: 0 · References: 5

OSV
added 2024/11/30 12:15 p.m. · 2 views

CVE-2024-12000

A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. Th...

CVSS 5.4 · AI score 3.6 · EPSS 0.00125
Exploits: 1 · References: 5

NVD
added 2024/07/21 1:15 a.m. · 13 views

CVE-2024-6933

A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettingsgeneralsettings of the component Survey General Settings Handler. This manipulation of...

CVSS 9.8 · EPSS 0.00153
Exploits: 1 · References: 6

NVD
added 2022/12/27 10:15 a.m. · 9 views

CVE-2021-4283

A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched...

CVSS 5.4 · EPSS 0.00354
Exploits: 0 · References: 4

Prion
added 2022/12/27 10:15 a.m. · 16 views

Cross site scripting

A vulnerability was found in FreeBPX voicemail. It has been rated as problematic. Affected by this issue is some unknown functionality of the file views/ssettings.php of the component Settings Handler. The manipulation of the argument key leads to cross site scripting. The attack may be launched...

CVSS 4.9 · AI score 5.3 · EPSS 0.00354
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/12/27 12:0 a.m. · 3 views

PT-2022-11699 · Freebpx · Freebpx

Name of the Vulnerable Software and Affected Versions: FreeBPX voicemail versions prior to 14.0.6.25 Description: A vulnerability was found in the Settings Handler component of FreeBPX voicemail, specifically in the file views/ssettings.php. The issue is related to the manipulation of the key...

CVSS 5.4 · AI score 3.9 · EPSS 0.00354
Exploits: 0 · References: 9

CNNVD
added 2022/12/27 12:0 a.m. · 2 views

FreePBX cross-site scripting vulnerability

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. A cross-site scripting vulnerability exists in FreePBX voicemail versions prior to 14.0.6.25, which stems from...

CVSS 5.4 · AI score 4 · EPSS 0.00354
Exploits: 0 · References: 5

NVD
added 2022/12/21 7:15 p.m. · 13 views

CVE-2022-4633

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...

CVSS 8.8 · EPSS 0.00167
Exploits: 0 · References: 3

ATTACKERKB
added 2022/12/21 7:15 p.m. · 2 views

CVE-2022-4633

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...

CVSS 8.8 · AI score 5.1 · EPSS 0.00167
Exploits: 0 · References: 5

Prion
added 2022/12/21 7:15 p.m. · 15 views

Cross site request forgery (csrf)

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...

CVSS 6.8 · AI score 8.5 · EPSS 0.00167
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2022/12/21 12:0 a.m. · 2 views

PT-2022-27822 · Unknown · Auto Upload Images

Name of the Vulnerable Software and Affected Versions: Auto Upload Images versions up to 3.3.0 Description: A vulnerability was found in the file src/setting-page.php of the component Settings Handler, leading to cross-site request forgery. The attack may be launched remotely. Recommendations: Fo...

CVSS 8.8 · AI score 4.9 · EPSS 0.00167
Exploits: 0 · References: 8

CNNVD
added 2022/12/21 12:0 a.m. · 1 views

Auto Upload Images cross-site request forgery vulnerability

Auto Upload Images is designed to automatically detect external images in post content and import the images into your site and add them to the media library. A cross-site request forgery vulnerability exists in Auto Upload Images version 3.3.1, which stems from some unknown functions in the...

CVSS 8.8 · AI score 5.1 · EPSS 0.00167
Exploits: 0 · References: 5

Cvelist
added 2022/12/21 12:0 a.m. · 14 views

CVE-2022-4633 Auto Upload Images Settings setting-page.php cross-site request forgery

A vulnerability was found in Auto Upload Images up to 3.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file src/setting-page.php of the component Settings Handler. The manipulation leads to cross-site request forgery. The attack may be launched...

CVSS 4.3 · AI score 8.9 · EPSS 0.00167
Exploits: 0 · References: 3