The Advanced Text Widget plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
The Alert Before Your Post plugin for WordPress is vulnerable to cross-site scripting (XSS) due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code in the affected site's browser. This can lead to the theft of authentication credentials and enable further malicious activities.
The Digital Attic Foundation CMS is vulnerable to an SQL injection attack due to inadequate input sanitization. An attacker can manipulate the 'id' parameter in the 'index.php' page to inject malicious SQL code, potentially compromising the application, gaining unauthorized access to data, or exploiting other vulnerabilities in the underlying database.
This exploit allows an attacker to perform a blind SQL injection attack in the myAlbum-P module of XOOPS CMS version 2.0 or earlier. By manipulating the 'cid' parameter in the viewcat.php file, an attacker can extract sensitive information from the database.
The GoAhead WebServer is prone to multiple cross-site scripting vulnerabilities due to insufficient sanitization of user-supplied data. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
The Jetty Web Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view arbitrary files within the context of the webserver. Information harvested may aid in launching further attacks.
The Flexible Custom Post Type plugin for WordPress is vulnerable to cross-site scripting due to insufficient input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site's browser, potentially leading to the theft of authentication credentials and other malicious activities.
ZOHO ManageEngine ADSelfService Plus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An attacker may exploit the SQL-injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This vulnerability allows an attacker to perform SQL injection by manipulating the 'newsid' parameter in the 'news.php' file. By using a UNION SELECT statement, the attacker can retrieve the usernames and passwords from the 'newsadmin' table.
Services By CQR