Lucene search
K

33 matches found

OSV
OSV
added 2018/04/10 6:29 a.m.4 views

CVE-2018-9925

An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request...

5.4CVSS5.8AI score0.00644EPSS
Exploits1References1
Prion
Prion
added 2016/12/13 10:59 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 description, 2 email, or 3 username parameter to user/save...

4.3CVSS6AI score0.01855EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2016/12/13 10:0 p.m.21 views

CVE-2016-5060

Multiple cross-site scripting XSS vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 description, 2 email, or 3 username parameter to user/save...

6.1AI score0.01855EPSS
Exploits1References4
Cvelist
Cvelist
added 2016/08/01 1:0 a.m.24 views

CVE-2016-4834

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors...

7.7AI score0.02207EPSS
Exploits0References5
OSV
OSV
added 2016/04/12 3:59 p.m.10 views

CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...

8.1CVSS8.3AI score
Exploits0References4
OSV
OSV
added 2016/04/12 3:59 p.m.2 views

UBUNTU-CVE-2016-3169

The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the usersave function with an explicit category and loads all roles into the array...

8.1CVSS7.3AI score0.02221EPSS
Exploits0References4
NVD
NVD
added 2015/01/01 11:59 a.m.17 views

CVE-2011-5316

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7AI score0.00609EPSS
Exploits1References1
NVD
NVD
added 2015/01/01 11:59 a.m.10 views

CVE-2011-5315

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7AI score0.00609EPSS
Exploits1References1
Prion
Prion
added 2015/01/01 11:59 a.m.14 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7.6AI score0.00609EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2015/01/01 11:59 a.m.10 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

6.8CVSS7.6AI score0.00609EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2015/01/01 11:0 a.m.22 views

CVE-2011-5315

Cross-site request forgery CSRF vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

7AI score0.00609EPSS
Exploits1References1
Cvelist
Cvelist
added 2015/01/01 11:0 a.m.22 views

CVE-2011-5316

Cross-site request forgery CSRF vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action...

7AI score0.00609EPSS
Exploits1References1
CVE
CVE
added 2015/01/01 11:0 a.m.41 views

CVE-2011-5316

The CVE-2011-5316 entry concerns a CSRF flaw in the Cambio 0.5a nightly r37 release, specifically affecting the admin/index.php handler. The underlying issue allows an attacker to hijack an administrator’s session and perform credential-changing actions via a seemingly legitimate user-initiated r...

6.8CVSS7.3AI score0.00609EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder