CVE-2024-22414
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/ page allows a user's comments to execute arbitrary JavaScript code. The HTML template user.html contains the following code snippet to render comments made by a user: comment2|safe. Use of the "safe" tag...
Cross site request forgery (csrf)
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
CVE-2018-18215
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add a user account...
CVE-2018-18215
In Youke365 v1.1.5, the admin/user.html page contains a CSRF vulnerability that can be exploited by remote attackers to add a user account. The issue is documented across multiple sources (CVE-2018-18215) with CVSS v3.0 base score 8.8 (HIGH) and CVSS v2.0 base score 6.8 (MEDIUM) indicating unauth...
XPOZE Pro 3.06 - uid SQL Injection
XPOZE Pro 3.06 - uid SQL Injection ^Hiva Digital Security Team^ ^HIva Team^ Script: Xpoze Pro CMS 2008 XPOZE Pro 3.06 SQL Injection Exploit Demo: http://demo.xpoze.org/ Authors: farenh3it, sn0wman Exploit:...
Unfixed XSS vulnerability at www.mywunschzettel.de
Security researcher kInGoFcHaOs submitted on 18/06/2008 a cross-site scripting (XSS) vulnerability affecting www.mywunschzettel.de, which at the time of submission ranked 3485259 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/07/2008. It...