14 matches found
CVE-2021-26746
Chamilo 1.11.14 allows XSS via a main/calendar/agendalist.php?type= URI...
CVE-2020-10399
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/add-user.php by adding a question mark (?) followed by the payload...
EA Origin < 10.5.38 - Remote Code Execution Vulnerability
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
EA Origin Remote Code Execution
Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on: Windows 7, Windows 8, Windows 10 CVE :...
CVE-2018-17410
Horus CMS is affected by a SQL Injection vulnerability. Public records cite an injection instance reachable via /busca and /home, implying remote exploitation without authentication. CVSS scores from NVD indicate high to critical impact (CVSS v2 base 7.5; CVSS v3.1 base 9.8). Concrete exploit det...
CVE-2018-10265
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI...
Mail.ru: Reflected XSS on cloud.mail.ru in the URL in the presentation creation and editing functionality.
Reflected URI-based XSS via crafted name of new PowerPoint document in presentation editor...
Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability
Summary Securimage-WP adds powerful CAPTCHA protection to comment forms on posts and pages to help prevent comment spam from getting onto your site. Description Securimage-WP suffers from an XSS issue in 'siwptest.php' that uses the 'PHP_SELF' variable. The vulnerability is present because there...
PolarisCMS (blog.aspx) Remote URI Based Cross-Site Scripting Vulnerability
Summary PolarisCMS is a White Label CMS content management System providing more features, functions and flexibility to global web professionals, than ever before. The breakthrough technology used for this web platform has been built over a 6 year period and includes a highly advanced Website...
ATutor AContent 1.1 / 1.3 Cross Site Scripting
AContent 1.1 Multiple Cross-Site Scripting Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used to create interoperable,...
DoceboLMS 4.0.4 Cross Site Scripting
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authenticrequest" value="23dfee506a748201730ab2bb7...
DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authentic...
DVBBS Multiple Cross Site Scripting Vulnerabilities
Exploit for unknown platform in category web applications =================================================== DVBBS Multiple Cross Site Scripting Vulnerabilities =================================================== Remote: Yes Credit: lostmon is credited with the discovery of this vulnerability...
CVE-2008-2302
Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...