| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check. |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the third textbox (aka site logo) of "System setting->site setting" of admin/index.php, aka site_logo. |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting->site setting" of admin/index.php, aka site_domain. |
| An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of "System setting->site setting" of admin/index.php, aka site_name. |
| njiandan-cms through 2013-05-23 has index.php/admin/user_new CSRF to add an administrator. |
| imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter. |
| admin/default.php in PHPMyWind v5.5 has XSS via an HTTP Host header. |
| In CmsEasy 7.0, there is XSS via the ckplayer.php autoplay parameter. |
| JTBC(PHP) 3.0.1.8 allows Arbitrary File Upload via the console/#/console/file/manage.php?type=list URI, as demonstrated by a .php file. |
| In CmsEasy 7.0, there is XSS via the ckplayer.php url parameter. |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter. |
| ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value. |
| daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters. |
| skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter. |
| includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages. |
| ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter. |
| ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. |
| A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php. |
| upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. |
| VNote 2.2 has XSS via a new text note. |
