Security
Headlines
HeadlinesLatestCVEs

Tag

#sql

OctoberCMS v3.4.0 (Category) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a category-creating feature that stores data persistently could create a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Zero Science Lab
Open in Source
#sql#xss#vulnerability#web#mac#js#wordpress#php#postgres#docker
OctoberCMS v3.4.0 (Blog) Stored Cross-Site Scripting Vulnerabilities

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS v3.4.0 (Author) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to be an author feature could perform a stored XSS attack against any other users visiting the posts by the author. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

OctoberCMS v3.4.0 (Wiki_article) Stored Cross-Site Scripting Vulnerability

OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to create an article could perform a stored XSS attack against any other users with the ability to create an article. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

CVE-2020-36768

A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It has been classified as critical. Affected is an unknown function of the file app/database.py. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 07c0cdf36cf6a4345086d07b54423723a496af5e. It is recommended to apply a patch to fix this issue. VDB-246642 is the identifier assigned to this vulnerability.

CVE-2023-6464

A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-246614 is the identifier assigned to this vulnerability.

CVE-2023-48893: Vuln0wned Report: SQL Injection in staff_act.php · Issue #209 · slims/slims9_bulian

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php.

CVE-2023-48813: CVE-ID-not-yet/slims/slims9_bulian-9.6.1-SQLI-fines_report.md at main · komangsughosa/CVE-ID-not-yet

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

GHSA-fg29-37px-c7wm: RuoYi vulnerable to SQL injection vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

CVE-2023-49371: RuoYi-v4.6-vulnerability/Ruoyiv4.6.md at main · Maverickfir/RuoYi-v4.6-vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.