52 matches found
Session fixation
SOPlanning 1.45 allows XSS via the Name or Comment to status.php...
CVE-2020-9339
CVE-2020-9339 affects SOPlanning 1.45. A cross-site scripting (XSS) vulnerability exists in status.php via the Name or Comment fields, allowing injected JavaScript code to be executed. Reports from multiple sources (CNVD, Red Hat, CVE list, CNVD) consistently describe XSS via Name/Comment in stat...
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php...
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php. Recent assessments: horshark at March 09, 2020 8:38pm UTC reported: Recap: JavaScript execution. Where: On the ip/www/status.php page, you can execute JavaScript in the name and comment fields. Assessed Attacker Value: 2 Assessed...
PT-2019-14890 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an XSS vulnerability where an unsanitized savemsg variable from the URL is reflected in HTML. This occurs in the file app\sip_status\sip_status.php. Recommendations: For FusionPB...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
Sql injection
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
Sql injection
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8429
Vulnerability summary (CVE-2019-8429) ZoneMinder pre-1.32.3 is affected by an SQL Injection in ajax/status.php via the filter[Query][terms][0][cnj] parameter. The issue, documented across multiple sources, allows database commands to be injected and isSeverity-mapping indicates high risk (NVD CVS...
CVE-2019-8424
CVE-2019-8424 affects ZoneMinder before 1.32.3. It is a SQL Injection via the ajax/status.php sort parameter, potentially enabling unauthenticated remote attackers to manipulate queries. CVSS v3 base score 9.8 (CRITICAL) / NETWORK, LOW complexity, no user interaction. Remediation: upgrade ZoneMin...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2019-8424
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter...
skyflyexpress.com XSS vulnerability
Open Bug Bounty ID: OBB-651161

Description| Value
---|---
Affected Website:| skyflyexpress.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...
medienrettung.de XSS vulnerability
Open Bug Bounty ID: OBB-610057

Description| Value
---|---
Affected Website:| medienrettung.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...