CVE-2017-9067

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...

Cross site scripting

Cross-site scripting XSS vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to setup/index.php...

CVE-2014-4737

Cross-site scripting XSS vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to setup/index.php...

Cross site scripting

Cross-site scripting XSS vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter...

CVE-2011-5019

Cross-site scripting XSS vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter...

phpMyAdmin Setup Interface Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Podcast Generator 1.2 - Unauthorized Re-Installation

$file.$ext $Ldeleted"; / Explanation code snippet above points ----------------------------------------------------------------------------------- 1. blocks all 'amilogged' REQUEST variables,what about GLOBALS?,therefore useless! 2. if 'amilogged' isn't true - exit function activated. 3. unlink...