Tag

#apple

CVE-2022-0362: SQL Injection in showdoc

SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.

CVE-2021-46085: There is a Insecure Permissions vulnerability exists in OneBlog <= 2.2.8 · Issue #29 · zhangyd-c/OneBlog

OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.

CVE-2021-46084: There is a stored xss vulnerability exists in uscat. · Issue #2 · chenniqing/uscat

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.

CVE-2021-46083: There is a stored xss vulnerability exists in uscat. · Issue #1 · chenniqing/uscat

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.

CVE-2021-46086: There is a Insecure Permissions vulnerability exists in XZS · Issue #327 · mindskip/xzs-mysql

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use Burp Suite to modify parameters in the packet to destroy real data.

CVE-2021-41928: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-17-092921 at main · nu11secur1ty/CVE-nu11secur1ty

SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.

CVE-2021-41930: CVE-nu11secur1ty/vendors/oretnom23/CVE-nu11-18-09-2821 at main · nu11secur1ty/CVE-nu11secur1ty

Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php.

CVE-2021-44244: CVE-nu11secur1ty/vendors/oretnom23/Simple-Logistic-Hub-Parcels-Management at main · nu11secur1ty/CVE-nu11secur1ty

An SQL Injection vulnerability exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php.

CVE-2021-46026: There is a stored xss vulnerability exists in mysiteforme · Issue #39 · wangl1989/mysiteforme

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.

CVE-2021-46028: There is a CSRF vulnerability exists in mblog<=3.5.0 · Issue #50 · langhsu/mblog

In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker constructs a CSRF payload. Once the administrator clicks a malicious link, the article will be deleted.