6 matches found
CVE-2018-19465
Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...
CVE-2018-19465
Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...
CVE-2018-19465
Maccms through 8.0 allows XSS via the sitekeywords field to index.php?m=system-config because of tpl/module/system.php and tpl/html/systemconfig.html, related to template/paody/html/vodindex.html...
Cross site scripting
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...
WeaselCMS Cross-Site Scripting Vulnerability
WeaselCMS is a lightweight content management system CMS written in PHP. A cross-site scripting vulnerability exists in WeaselCMS version 0.3.5. A remote attacker can exploit this vulnerability to execute JavaScript code via the Site Language, Site Title, Site Description, and Site Keywords field...
CVE-2015-4396
Multiple cross-site request forgery CSRF vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that 1 create, 2 delete, or 3 set priorities to...