7 matches found
EUVD-2024-35174
Malicious code in bioql PyPI...
EUVD-2024-35365
Malicious code in bioql PyPI...
CVE-2024-35555
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/shareswitch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40...
CVE-2024-35009
CVE-2024-35009 affects idccms v1.35 with a Cross-Site Request Forgery (CSRF) risk in the /admin/share_switch.php endpoint, where parameters like mudi, dataType, fieldName, fieldName2, tabName, and dataID are used. The issue is documented to involve CSRF in the share_switch.php component, indicati...
CVE-2024-35009
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/shareswitch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6...
Design/Logic Flaw
An issue was discovered in OTCMS 3.61. XSS exists in admin/shareswitch.php via these parameters: fieldName, fieldName2, tabName...
CVE-2018-17086
OTCMS 3.61 is affected by CVE-2018-17086: a cross-site scripting (XSS) vulnerability in admin/share_switch.php exploitable via the fieldName, fieldName2, and tabName parameters. The root cause is likely insufficient input sanitization in these parameters, enabling injection of arbitrary HTML/JS. ...