Monthly Archive: April 2022

CVE-2022-1503

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input...

CVE-2021-41041

In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using...

CVE-2021-36895

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin

CVE-2021-36867

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin

CVE-2021-26629

A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using...

CVE-2021-26628

Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote...

CVE-2022-29701

A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service...

CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.

Date published: 2022-04-26

https://zammad.com/en/advisories/zaa-2022-03