23 matches found
EUVD-2019-5215
Malware in sbrugna...
EUVD-2019-5216
Malware in sbrugna...
EUVD-2019-5217
Malware in sbrugna...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
SyGuestBook A5 Cross-Site Request Forgery Vulnerability
SyGuestBook A5 is a PHP-based open source message board system. A cross-site request forgery vulnerability exists in SyGuestBook A5 version 1.2. An attacker can use this vulnerability to change the administrator password...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
Cross site scripting
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
Cross site scripting
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
Cross site request forgery (csrf)
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13950
index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...
CVE-2019-13950
CVE-2019-13950 affects SyGuestBook A5 Version 1.2. The issue is a stored XSS in index.php?c=admin&a=index introduced via a reply to a comment. Root cause described in CNVD as lack of proper validation of client-side data by the WEB application. Impact stated in sources as client-side code executi...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13949
The CVE-2019-13949 entry documents a CSRF vulnerability in SyGuestBook A5 Version 1.2 where there is no CSRF protection. The underlying issue allows an attacker to trigger a request to index.php?c=Administrator&a=update (admin password change) without authentication, enabling unauthorized admin p...