Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

CVE-2023-26953: Background administrator management - Adding an administrator has a storage xss vulnerability · Issue #8 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#js#php#chrome#webkit
CVE-2023-26954: Backstage member grouping - add storage xss vulnerability · Issue #11 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.

CVE-2019-8720: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0005

A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE-2023-26949: Remote code execution caused by uploading arbitrary files in the background · Issue #1 · keheying/onekeyadmin

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.

Purchase Order Management 1.0 Cross Site Scripting

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.

CVE-2023-1162: Vuln/2.md at main · xxy1126/Vuln

A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.

CVE-2023-1163: Vuln/3.md at main · xxy1126/Vuln

A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.

CVE-2021-4328: 狮子鱼CMS ApiController.class.php SQL注入漏洞复现 - n00bk1ng的小窝

A vulnerability has been found in ???CMS and classified as critical. Affected by this vulnerability is the function goods_detail of the file ApiController.class.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222223.