33 matches found
CVE-2018-9925
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 description, 2 email, or 3 username parameter to user/save...
CVE-2016-5060
Multiple cross-site scripting XSS vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 description, 2 email, or 3 username parameter to user/save...
CVE-2016-4834
modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors...
CVE-2016-3169
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...
UBUNTU-CVE-2016-3169
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...
CVE-2011-5316
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5315
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5315
Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...
CVE-2011-5316
The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...