[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

 
 
Paid content will be excluded from the download.

Filter
Matches : 112926 Download | Alert*

FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).

groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).

Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-6394. Reason: This candidate is a duplicate of CVE-2017-6394. Notes: All CVE users should reference CVE-2017-6394 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.


Pages:      Start    9671    9672    9673    9674    9675    9676    9677    9678    9679    9680    9681    9682    9683    9684    ..   11292

© SecPod Technologies