6 matches found
CVE-2024-22569
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0...
CVE-2024-22569
POSCMS v4.6.2 contains a Stored XSS vulnerability. A crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0 can cause arbitrary code execution. The connected PT-2024-19489 advisory notes a workaround to restrict access to that endpoint until a patch is available; no patch/version ...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Express.js Express denial of service (CVE-2022-24999)
Summary: Potential denial of service vulnerability in express-CVE-2022-24999 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to...
Conversios.io < 4.6.2 - Subscriber+ SQL Injection
The plugin does not sanitise, validate and escape the syncprogressivedata parameter for the tvcajaxproductsyncbantchwise AJAX action before using it in a SQL statement, allowing any authenticated user to perform SQL injection attacks. Note: The vendor was notified multiple times since November 6t...
Injection in UserFrosting
In UserFrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” functionality to reset the victim’s password and successfully take over their account...
mambo462-xss.txt
Application: Mambo v4.6.2. Author: Beenu Arora. Website: www.darkc0de.com. Website: http://sourceforge.net/projects/mambo/. Multiple XSS. a. Vulnerable URL: http://localhost/mambo/index.php?option=comfrontpage&Itemid= Parameter = Item...