71 matches found
CVE-2021-22875
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...
CVE-2017-18287
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST usersearch parameter...
EUVD-2016-2095
Malware in sbrugna...
EUVD-2021-10010
Malware in sbrugna...
EUVD-2010-4981
Malware in sbrugna...
EUVD-2006-0246
Malware in sbrugna...
EUVD-2002-0349
Malware in sbrugna...
CVE-2017-18291
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter...
CVE-2016-15029
CVE-2016-15029 affects Ydalb mapicoin versions up to 1.9.0. The vulnerability lies in webroot/stats.php where manipulating the link/search parameter leads to cross-site scripting. The issue can be triggered remotely. A fix is available in version 1.10.0; the patch is identified as 67e87f0f0c1ac23...
CVE-2016-15029 Ydalb mapicoin stats.php cross site scripting
A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version...
PT-2023-10348 · Unknown · Ydalb Mapicoin
Name of the Vulnerable Software and Affected Versions: Ydalb mapicoin versions up to 1.9.0 Description: A vulnerability has been found in the file webroot/stats.php, where the manipulation of the link/search argument leads to cross-site scripting. The attack can be initiated remotely...
CVE-2021-39350
FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter in ~/view/stats.php (versions 7.5.0.727–7.5.2.727). An attacker can inject arbitrary scripts. Remediation: update to version 7.5.3.727 or later.
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin FV Flowplayer video player, which stems from the playerid parameter in the /view/stats.php file being susceptible to a reflected cross-site scripting attack,...
Revive Adserver: Reflected XSS on /admin/stats.php
Hi, Security Team! Linked to the reports: - https://hackerone.com/reports/1083376 - https://hackerone.com/reports/1097217 In the past reports, we have corrected Reflected XSS. But recently it turned out that with the parameter breakdown = affiliates, this vulnerability still works. Fixed when...
CVE-2021-22889
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...
Cross site scripting
Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...
Revive Adserver cross-site scripting vulnerability
Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the statsBreakdown parameter in stats.php ...
Revive Adserver: Reflected XSS on /admin/stats.php
Linked to the report https://hackerone.com/reports/1083376 I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.1. This time I found the parameter statsBreakdown - Go to...