38 matches found
CVE-2026-1437
Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...
CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
Graylog Web Interface 跨站脚本漏洞
The Graylog Web Interface is a web interface provided by the American company Graylog. Version 2.2.3 of the Graylog Web Interface contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of HTML output, which could allow arbitrary JavaScri...
PT-2026-20393
Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM version 2.1.0 and prior versions, which originates in the file /admin/settings/users/edit that is vulnerable to cross-site scripti...
CVE-2022-30820
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "usersedit.php" file...
CVE-2022-30829
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...
CVE-2022-30829
Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...
Wedding Management System SQL注入漏洞
Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. version 1.0 of Wedding Management System is vulnerable to SQL injection, which stems from a lack of validation of external input on the admin/usersedit.php page. SQL statement...
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation via Adminstrator/Users/Edit/:UserId, where requests aren’t checked for admin authority, enabling a normal user to add roles and gain administrator privileges. The issue is fixed in v1.0.1 per linked disclosures; CVSS data in sources ...
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...
WSTMall Cross-Site Request Forgery Vulnerability
WSTMall is an open source O2O e-commerce system developed using ThinkPHP framework and supporting multiple users. A cross-site request forgery vulnerability exists in WSTMall version 1.9.1170316. A remote attacker can add user accounts with the help of index.php?m=Admin&c=Users&a=edit URI to...
CVE-2018-13010
WSTMall v1.9.1170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account...
ISPConfig '/admin/users_edit.php' cross-site request forgery vulnerability
ISPConfig is a set of Linux-based open source hosting control panel, it can be used through the Web control panel to manage multiple servers, open a Web site, monitor server operating conditions and so on. ISPConfig suffers from a cross-site request forgery vulnerability that allows remote...
CMS Ortus 1.13 - SQL Injection
CMS Ortus 1.13 - SQL Injection Author: otmorozok428, http://forum.antichat.ru Products: CMS Ortus 1.12, CMS Ortus 1.13 Vendor: http://ortus.nirn.ru Download: http://ortus.nirn.ru/files/ortus1-12.zip, http://ortus.nirn.ru/files/ortus1-13.zip Dork for ALL Versions of CMS Ortus:...
PT-2004-2553 · Unknown · Password Protect
Name of the Vulnerable Software and Affected Versions: Password Protect affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL statements and bypass authentication. This can be achieved through various parameters and files, including 1 admin or Pas...