70 matches found
EUVD-2017-18187
Malware in sbrugna...
EUVD-2018-20550
Malware in sbrugna...
EUVD-2020-14265
Malware in sbrugna...
EUVD-2023-30950
Malicious code in bioql PyPI...
CVE-2018-8942
Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter...
PT-2024-5174 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailoring Management System version 1.0 Description: A critical issue has been identified in the Tailoring Management System, affecting the setgeneral.php file. This issue is related to the lack of protection against SQL query structure...
CVE-2024-2016
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...
ZhiCms security vulnerability
ZhiCms is a professional buy-worthy system for the ZhiCms community. ZhiCms version 4.0 has a security vulnerability that stems from the parameter sitename in the file app/manage/controller/setcontroller.php that causes code injection...
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...
GHSA-7J9H-CH38-474R Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Withdrawn Advisory This advisory has been withdrawn because only the main admin with the highest level of privilege can provide input, and there are no users other than the admin from whom data could be stolen. This link is maintained to preserve external references. Original Description automad ...
Automad Code Injection Vulnerability
Automad is a flat file content management system and template engine by Marc Anton Dahmen, an individual developer. A code injection vulnerability exists in Automad 1.10.9 and earlier versions, which stems from a stored cross-site scripting (XSS) vulnerability in the parameter sitename of the file...
PT-2023-32843 · Automad · Automad
Name of the Vulnerable Software and Affected Versions: automad versions up to 1.10.9 Description: A vulnerability was found in automad, allowing for cross-site scripting due to the manipulation of the sitename argument. This issue affects some unknown functionality of the file...
CVE-2023-27170
Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter...
Xpand IT Write-back manager security vulnerability
Xpand IT Write-back manager is an extension for Xpand IT that allows users to enter data directly from Tableau dashboards into the database. A security vulnerability exists in Xpand IT Write-back manager version v2.3.1, which stems from allowing an attacker to perform directory traversal via the...
Stored XSS in Sitename
Description There is a presence of stored XSS in username, which directly gets rendered whenever the page is opened. Proof of Concept 1: Use the below command to clone the repo in your machine git clone https://github.com/answerdev/answer.git 2: Navigate inside the repo cd answer 3: Use...
CVE-2020-21495
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...