Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37807)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37806)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37809)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Kashipara Hotel Management System 安全漏洞

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the useremail parameter of...

CVE-2024-42779

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file...

Mini Inventory and Sales Management System 安全漏洞

Mini Inventory and Sales Management System is a small inventory and sales management system written in PHP CodeIgniter framework that supports MySQL and Sqlite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...

ZZCMS content parameter cross-site scripting vulnerability

ZZCMS is a content management system CMS by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023, which originates from the lack of effective filtering and escaping of user-supplied data in the content parameter of /user/askedit.php?action=add, which can be exploite...

TpMeCMS Cross-Site Scripting Vulnerability

TpMeCMS is a CMS developed on the FastAdmin framework. TpMeCMS version 1.3.3.2 suffers from a cross-site scripting vulnerability, which originates from the lack of effective filtering and escaping of user-supplied data in the parameter Site Name/Beian/Contact address/copyright/technical support i...

Concrete CMS Cross-Site Scripting Vulnerability

Concrete CMS is Concrete CMS open source a team-oriented open source content management system . Concrete CMS cross-site scripting vulnerability , the vulnerability stems from the getAttributeSetName function of the user-supplied data lack of effective filtering and escaping , an attacker can...

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

CVE-2024-41613

CVE-2024-41613 represents a documented XSS in Symphony CMS 2.7.10, where an attacker can inject arbitrary script/HTML by editing a note. The affected software is Symphony CMS (version 2.7.10); the entry describes the vulnerability as a cross-site scripting issue impacting note editing. The Red Ha...

Cross-site scripting vulnerability in microweber admin.php file

Microweber is Microweber open source can provide drag and drop functionality of the online store management system . The system includes adding products , images and other modules. microweber 2.0.16 version of a cross-site scripting vulnerability , the vulnerability stems from...

Record Management System school parameter cross-site scripting vulnerability

Record Management System is a record management system. A cross-site scripting vulnerability exists in Record Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data by parameter school, and can be exploited by an attacker to execute...

Microweber add_tagging_tagged.php file cross-site scripting vulnerability

Microweber is Microweber open source can provide drag and drop functionality of the online store management system . The system includes adding products , images and other modules. microweber version 2.0.16 cross-site scripting vulnerability , the vulnerability stems from...

GHSA-M99V-MMG2-66VF Microweber Reflected Cross-site scripting (XSS) vulnerability

A Reflected Cross-site scripting XSS vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...

CVE-2024-40101

A Reflected Cross-site scripting XSS vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter...

TOTOLINK EX200 安全漏洞

The TOTOLINK EX200 is a 2.4G wireless N range extender designed to extend the coverage of existing Wi-Fi networks. A buffer overflow vulnerability exists in the TOTOLINK EX200. The vulnerability originates from the function loginauth in the /cgi-bin/cstecgi.cgi file, which operates on the paramet...

SAP CRM Cross-Site Scripting Vulnerability (CNVD-2024-36347)

SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...