Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

CVE-2022-27047: mogu_blog_v5.2 backend Management System has an vulnerability of uploading arbitrary files · Issue #62 · moxi624/mogu_blog_v2

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.

CVE
#xss#vulnerability#js#git#java
CVE-2021-46437: ZZCMS2021 has a xss vulnerability · Issue #2 · xunyang1/ZZCMS

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

CVE-2022-27349: GitHub - D4rkP0w4r/sms-Unrestricted-File-Upload-RCE-POC

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27357: CVEs/POC.md at main · D4rkP0w4r/CVEs

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27064: GitHub - D4rkP0w4r/Musical-World-Unrestricted-File-Upload-RCE-POC

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-27063: GitHub - D4rkP0w4r/AeroCMS-Comment-Stored_XSS-Poc

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

CVE-2022-27348: GitHub - D4rkP0w4r/sms-Add_Student-Stored_XSS-POC

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

CVE-2022-26624

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.

CVE-2022-27062: GitHub - D4rkP0w4r/AeroCMS-Add_Posts-Stored_XSS-Poc

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.