6 matches found
CVE-2019-19619
domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS...
Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)
Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0...
milforddailynews.com XSS vulnerability
Open Bug Bounty ID: OBB-161390 Description| Value ---|--- Affected Website:| milforddailynews.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
CVE-2014-9528
CVE-2014-9528 affects HumHub 0.10.0-rc.1 and earlier. The vulnerability is a SQL injection in the actionIndex function of protected/modules_core/notification/controllers/ListController.php, exploitable by remote authenticated users via the from parameter to index.php. The issue may also enable cr...
cmseasy csrf导致sql注入绕过union getshell
简要描述: 上一次做了一个csrf+sql注入getshell的 这一次我继续发一个,由于此属于一个get类型的,所以很简单的,管理员根本就不用去点击,就能触发sql并且getshell 详细说明: 首先我们分析一下sql语句: admin/live/header.php:line:16-21 include'../../include/config.inc.php'; includeCEROOT.'/include/admin/check.inc.php'; includeCEROOT.'/include/celive.class.php'; $adminheader = new...
cpanel-xssxsrf.txt
DESCRIPTION OF THE SOFTWARE cPanel is a hosting automation tool. WHM interface provides access to the heart of the cPanel and WHM package and allows a Server Administrator to simply configure a few options and be on their way to hosting web sites. 2. DESCRIPTION OF THE VULNERABILITY There are...