8 matches found
EUVD-2019-3052
Malware in sbrugna...
CVE-2019-20519
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address...
Design/Logic Flaw
ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ URI, as demonstrated by a crafted e-mail address...
CVE-2019-20519
Affected software: ERPNext 11.1.47. Vulnerability: reflected XSS via PATH_INFO to the user/ URI, demonstrated by a crafted e-mail address. Root cause (as stated): improper handling of PATH_INFO leading to script execution on the client side. Impact: client-side code execution risk; severity metri...
CVE-2019-11077
FastAdmin V1.0.0.20190111beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI...
CVE-2019-8902
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI...
PHPGedView 2.5/2.6 - 'Individual.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11882/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious...
CHETCPASSWD 1.12 - Shadow File Disclosure
source: https://www.securityfocus.com/bid/6472/info CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. It is possible to exploit this issue by sending an overly long string as a value for the 'user' URI...