
razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component.

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.

feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.

Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element and is uploaded via pages->manage under admin.php?action=files.

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145108.

\upload\plugins\sys\Install.php in CScms 4.1 has XSS via the site name.

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.

In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.

In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).



© SecPod Technologies