| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| DBHcms v1.2.0 has a stored xss vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107, |
| phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. |
| The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. |
| Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. |
| A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). |
| Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload. |
| A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. |
| A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. |
| Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7. |
| DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. |
| Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B via all fields in the FTP settings page to the "goform/formSetFtpCfg" settings page. |
| Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. |
| Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. |
| Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. |
| Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. |