EUVD-2018-4581

Malware in sbrugna...

Cross-site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-Site Scripting. The vulnerability is due to the isCleanHtml function within Validate.php because it does not adequately identify and filter out HTML attributes and Unicode characters, which allows an attacker to inject malicious scripts, leading to...

Cross-site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to missing restricted html tags in the isCleanHTML method of Validate.php which allows an attacker to inject and execute malicious Javascript...

Cross-Site Scripting (XSS)

prestashop/prestashop is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of event sanitization in the $events parameter of Validate.php which allows an attacker to inject and execute arbitrary JavaScript into the browser...

CVE-2018-12625

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...

CVE-2018-12625

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...

Cross site scripting

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...

CVE-2018-12625

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter...

CVE-2011-3825

Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files...

CVE-2004-1509

CVE-2004-1509 affects WebCalendar via validate.php, where a remote attacker can gain sensitive information by supplying an invalid encoded_login parameter, causing the full path to be exposed in an error message. The NVD entry lists a CVSS v2 base score of 5.0 (Medium) with network access, no aut...