21 matches found
EUVD-2017-4316
Malware in sbrugna...
CVE-2022-21644
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
Cross site scripting
A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function getusericons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The...
CVE-2014-125027
CVE-2014-125027 affects Yuna Scatari TBDev up to version 2.1.17, impacting the get_user_icons function in usersearch.php. The vulnerability arises from improper handling of the parameter n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2, allowing cross-site scripting and remote exploitation. The advis...
CVE-2014-125027 Yuna Scatari TBDev usersearch.php get_user_icons cross site scripting
A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and classified as problematic. Affected by this vulnerability is the function getusericons of the file usersearch.php. The manipulation of the argument n/r/r2/em/ip/co/ma/d/d2/ul/ul2/ls/ls2/dl/dl2 leads to cross site scripting. The...
Sql injection
Useful Simple Open-Source CMS USOC is a content management system CMS for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file admin/pages/useredit.php with a newer version. USOC version...
CVE-2022-21666
CVE-2022-21666 concerns the Useful Simple Open-Source CMS (USOC). Multiple connected records confirm a SQL injection vulnerability in the admin functionality, specifically involving the file path admin/pages/useredit.php and related usersearch.php logic. The flaw affects versions prior to Pb2.4Bf...
CVE-2022-21666 SQL Injection in useredit.php
Useful Simple Open-Source CMS USOC is a content management system CMS for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file admin/pages/useredit.php with a newer version. USOC version...
CVE-2022-21666 SQL Injection in useredit.php
Useful Simple Open-Source CMS USOC is a content management system CMS for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file admin/pages/useredit.php with a newer version. USOC version...
CVE-2022-21644
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
Sql injection
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
CVE-2022-21644 SQL Injection via search in USOC
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
CVE-2022-21644
Summary: CVE-2022-21644 affects USOC, an open source CMS. The vulnerability arises in the search functionality (usersearch.php) where user-supplied terms are not sanitized and are directly used to construct SQL statements, enabling SQL injection. The issue is limited to affected USOC versions wit...
CVE-2022-21644 SQL Injection via search in USOC
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via usersearch.php. In search terms provided by the user were not sanitized and were used directly to construct a sql statement. The only users permitted to search are site admins. Users are...
CVE-2017-12907
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
CVE-2017-12907
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the url path to usersearch.php...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-28416)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP v1.5. A remote attacker can inject arbitrary web script or HTML by sending parameters to the usersearch.php file to exploit the...
CVE-2017-12777
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via some parameter to usersearch.php...
Cross site scripting
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via some parameter to usersearch.php...
CVE-2017-12777
CVE-2017-12777 is a confirmed Cross‑Site Scripting (XSS) vulnerability in NexusPHP v1.5. According to CNVD-2017-28416 and NVD details, a remote attacker can inject arbitrary web script or HTML by sending crafted parameters to the file usersearch.php, potentially affecting pages that render the vu...