157 matches found
CVE-2024-52724
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php...
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
CVE-2024-43006
ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...
CVE-2024-43006
A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...
CVE-2024-4993 SQL injection vulnerability in SiAdmin
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials...
CVE-2024-4993
Summary: CVE-2024-4993 describes an XSS vulnerability in SiAdmin 1.1 triggered by the /show.php query parameter, which could allow a remote attacker to craft a URL that, when opened by an authenticated user, may lead to cookie session credential leakage. What’s affected: SiAdmin 1.1; vulnerabilit...
CVE-2022-25574
A stored cross-site scripting XSS vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...
DouPHP 跨站脚本漏洞
A cross-site scripting vulnerability exists in DouPHP, a lightweight enterprise content management system CMS from China DouShell Network Technology. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in the upload function of dmin/show.php. An...
CVE-2020-22212
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php...
Sql injection
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php...
CVE-2020-22212
SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-show.php...
Cross site scripting
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter...
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php...
CVE-2018-14962
The CVE-2018-14962 entry concerns zzcms 8.3 with a stored XSS vulnerability affecting the content variable in user/manage.php and zt/show.php. Affected component/file paths are specified, and the underlying issue is a stored XSS condition, enabling injection via the content field. The available d...
pawpatrol.de XSS vulnerability
Open Bug Bounty ID: OBB-596491 Description| Value ---|--- Affected Website:| pawpatrol.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
gasteel.us XSS vulnerability
Vulnerable URL: http://www.gasteel.us/show.php?Search=%27%22%3E%3Csvg%2Fonload%3Dconfirm%28%2FOPENBUGBOUNTY%2F%29%3E〈=Eng Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 15301041 VI...
institute.mec.biz XSS vulnerability
Open Bug Bounty ID: OBB-311113 Description| Value ---|--- Affected Website:| institute.mec.biz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
iuf.org XSS vulnerability
Vulnerable URL: http://www.iuf.org/show.php?tid=...