25 matches found
EUVD-2018-10823
Malware in sbrugna...
EUVD-2018-10805
Malware in sbrugna...
EUVD-2018-10806
Malware in sbrugna...
EUVD-2018-10804
Malware in sbrugna...
CVE-2025-8807
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed...
Code injection
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column...
CVE-2018-19110
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization chec...
CVE-2018-19109
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column...
CVE-2018-19109
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column...
CVE-2018-19110
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization chec...
CVE-2018-19109
tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column...
CVE-2018-19110
The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because controller\usercontroller.java maps a /skin/list request to the function skinList, and lacks an authorization chec...
CVE-2018-19090
tianti 2.3 has stored XSS in the article management module via an article title...
CVE-2018-19089
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/saverole name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\userlist.jsp...
Cross site scripting
tianti 2.3 has stored XSS in the article management module via an article title...
CVE-2018-19091
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter...
Cross site scripting
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter...
CVE-2018-19091
tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter...
Cross site scripting
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/saverole name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\userlist.jsp...
CVE-2018-19089
tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/saverole name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\userlist.jsp...