71 matches found
CVE-2021-22875
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...
Cross site scripting
Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the setPerPage parameter...
CVE-2021-22875
Revive Adserver is affected by CVE-2021-22875: a reflected XSS in stats.php via the setPerPage parameter, impacting Revive Adserver versions up to 5.1.0 (fixed in 5.1.1). The root cause is insufficient input validation/neutralization of user-supplied data in the request parameters, allowing injec...
Revive Adserver: Reflected XSS on /admin/stats.php
I found a reflected XSS attack on /admin/stats.php. Revive-Adserver version is revive-adserver-5.1.0. - Go to...
CVE-2017-18291
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter...
CVE-2017-18288
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...
CVE-2017-18288
The CVE-2017-18288 issue affects PvPGN Stats 2.4.6. A SQL injection exists in ladder/stats.php via the GET game parameter, due to insufficient input filtering in the code. This can allow an attacker to manipulate database queries, potentially accessing sensitive data. The connected Red Hat and CN...
CVE-2017-18290
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sortdirection parameter...
CVE-2016-9457
Revive Adserver before 3.2.3 suffers from Reflected XSS. www/admin/stats.php is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed, such as setPerPage, pageId, bannerid, periodstart, periodend, and possibly others...
wuzhicms coreframe\app\content\stats.php parameters keyid SQL injection
No description provided by source...
pdfes.eprensa.com XSS vulnerability
Vulnerable URL: http://pdfes.eprensa.com/php/stats.php?ClientName=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Patched: No; Latest check for patch: 26.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not...
mcGallery 'lang' Parameter Multiple Cross Site Scripting Vulnerabilities
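Background: PhpForums.net mcGallery is a script tool for managing website images. Type: XSS. Impact: arbitrary web script or HTML can be injected. Analysis: Multiple cross-site scripting vulnerabilities exist in PhpForums.net mcGallery version 1.1. Remote attackers can inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, or (7) show.php...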
VWar 1.5 stats.php vwar_root Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19387/info VWar is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote file...
UCStats 1.1 - SQL Injection Vulnerability
No description provided by source. UCStats 1.1 Remote SQL Injection Vulnerability Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com/ Google Dork: Powered by UCStats version 1.1 Vulnerability Description: UCStats version 1.1 suffers a remote SQL injectio...
mcGallery 1.1 - stats.php lang Parameter XSS
No description provided by source...
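CmsEasy latest version front-end SQL injection (2)
Brief description: Over the past few days I have been trying to build a PHP source-code auditing tool, and this turned up in a scan while matching some preliminary rules; it is not targeted at anyone, thanks to CmsEasy. Details: It is an INSERT injection again. In /index.php there is a stats::getbot; what does this method do? /lib/table/stats.php public static function getbot() { $ServerName = $_SERVER["SERVER_NAME"]; $ServerPort = $_SERVER["SERVER_PORT"]; $ScriptName = $_SERVER["SCRIPT_NAME"]; $QueryString =...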
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php...
CVE-2012-6559
Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) mac, (3) graphtype, (4) name, or (5) type parameter to stats.php; or (6) comment parameter to deviceadd.php...