The vulnerability allows an attacker to inject SQL commands through the search section via the 'my_item_search' parameter.
The GetSimple CMS application does not use the SameSite flag for the session cookie, and instead relies on a CSRF token ('nonce') to protect against cross-site attacks. Versions of the My SMTP Contact plugin up to and including v1.1.1 do not implement the CSRF token. When the administrator configures the SMTP settings, the plugin's backend PHP code writes the administrator's input into PHP code files. These user-supplied values are placed inside double-quoted PHP strings, where variables are expanded and expressions enclosed in {} braces are evaluated as complex expressions, resulting in code execution.
A stored cross-site scripting (XSS) vulnerability was discovered in htmly 2.8.0. An attacker can exploit this vulnerability to inject malicious JavaScript code into the 'description' field of the 'config.ini' file. This code will be executed in the browser of the victim when they visit the website.
A reflected cross-site scripting (XSS) vulnerability exists in Tileserver-gl versions before 3.1.0. An attacker can exploit it by sending a crafted URL to the victim. The URL contains a script that is executed in the victim's browser when the URL is accessed. The script can be used to steal the victim's session information or to perform other malicious activities.
Horde Groupware Webmail 5.2.22 is vulnerable to stored XSS. An attacker can inject malicious JavaScript code into the application, which will be executed when a user views the affected page. This can be used to steal user credentials, session tokens, or other sensitive data.
jQuery versions greater than or equal to 1.0.3 and before 3.5.0 are vulnerable to Cross-Site Scripting (XSS). Two proofs of concept have been provided, one for jQuery versions greater than or equal to 1.0.3 and before 3.5.0 and the other for jQuery 3.x. The first proof of concept uses a style tag with an img tag containing an onerror attribute. The second proof of concept uses an img tag with alt and title attributes containing a malicious payload.
A Cross-Site Scripting (XSS) vulnerability exists in jQuery versions greater than or equal to 1.2 and before 3.5.0. An attacker can inject malicious code into the vulnerable application, which will be executed in the victim's browser. Proof of Concept 1: <option><style></option></select><img src=x onerror=alert(1)></style>
An OS command execution vulnerability exists in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An attacker can exploit this vulnerability by creating a reverse shell payload, starting a listener, copying the payload to the target machine, and executing the payload.
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the http://x.x.x.x/sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
Exploiting this flaw requires authentication. The vulnerable URL is https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale and the vulnerable parameter is 'query'. The sqlmap usage is: sqlmap -u "https://vulnsite.com/citsmart/pages/smartPortal/pages/autoCompletePortal/autoCompletePortal.load?idPortfolio=&idServico=&query=fale" --cookie 'JSESSIONID=xxx' --time-sec 1 --prefix ")" --suffix "AND ('abc%'='abc" --sql-shell