#csrf

Cross Site Request Forgery (CSRF) vulnerability in `xxl-job-admin/user/add` in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.

Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

Deprixa version 3.2.5 suffers from a cross site request forgery vulnerability.

A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.