12 matches found
CVE-2024-25166
Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file...
CVE-2024-25166
CVE-2024-25166 affects 71CMS v1.0.0. A Cross Site Scripting flaw allows a remote attacker to execute arbitrary code via the uploadfile action parameter in controller.php. The Red Hat/NVD/CVE reports and related vendors confirm the vulnerability; no official patch/version is provided in the suppli...
CVE-2023-46495
Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter...
CVE-2023-46478
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customerdata parameter...
CVE-2023-40833
The CVE-2023-40833 entry concerns Thecosy IceCMS v1.0.0. A remote attacker can gain privileges via the Id and key parameters in getCosSetting, with impact described as Confidentiality/Integrity/Availability High. Public sources consistently describe a privilege escalation/vector affecting getCosS...
Information disclosure
An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function...
Information disclosure
An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function...
Authentication flaw
An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message...
SQL injection
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the ID parameter in the fulldelete.php component...
CVE-2022-46957
CVE-2022-46957 affects Sourcecodester.com Online Graduate Tracer System v1.0.0. The vulnerability is described as Cross-Site Scripting (XSS). According to the CVSS data, the issue has a CVSS v3.1 base score of 6.1 (Medium), with Network attack vector, Low attack complexity, No privileges required...