4 matches found
SUSE CVE-2021-23225
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "newusername" field during creation of a new user via "Copy" method at useradmin.php...
CVE-2013-1422
webcalendar before 1.2.7 shows the reason for a failed login e.g., "no such user"...
CVE-2017-1000428
flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...
gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin)
============================================= gpEasy Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy -------------------------------------------------------- Application Info Site : http://www.gpeasy.com/ Version: 1.6.1...