#google

Sisfo Sistem Informasi Akademik LMS version 1.9.3 suffers from a cross site scripting vulnerability.

Rest-Cafe and Restaurant Website CMS version 2.0.0 suffers from a cross site scripting vulnerability.

phpFK version 9.2 Beta suffers from cross site scripting and remote SQL injection vulnerabilities.

ArabInfotech CMS version 2.0.1 suffers from a cross site scripting vulnerability.

Alumni Club Management Tools version 2.2.7 suffers from a cross site scripting vulnerability.

AngularJS Filemanager version 1.5.1 suffers from a remote shell upload vulnerability.

Alumni Club Management Tools version 2.2.7 suffers from file upload and remote SQL injection vulnerabilities.

Aplikasi Sistem Informasi Kelulusan CMS version 1.0.9 suffers from a remote file inclusion vulnerability.

Amazon S3 Droppy version 1.4.6 suffers from a remote shell upload vulnerability.

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.