Information disclosure

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages...

Cross site scripting

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: 1 Facts page, when clicking on the "chart" button and hovering over the chart; 2 Trends page, when checking the graph for a trend based on a such fact; 3 Statistics page, for facts that are...

WEBONE CMS service.php etc. 5 SQL injection vulnerability

0x01 vulnerability profile WEBONE CMS in the following 5 branch there is SQL injection vulnerability: 1page service. php GET parameter pk can be a Union injection 2page info. php GET parameter pk can be a Union injection 3Page newscon. php GET parameter pk can be a Union injection 4page photobook...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via 1 a plugin name, related to managepluginuninstall.php; 2 an enumeration value or 3 a String value of a custom field, related to...