Tag
#php
Blog Site version 1.0 suffers from a cross site scripting vulnerability.
Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php.
Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability.
Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.
e107 version 2.3.3 suffers from a cross site scripting vulnerability.
Codeprojects E-Commerce version 1.0 suffers from an ignored default credential vulnerability.
Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Best Courier Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Appointment Scheduler version 4.0 suffers from an insecure direct object reference vulnerability.
### Impact

Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery (CSRF).

Affected products:

* Icinga Web (>=2.12.0)
* Icinga DB Web (>=1.0.0)
* Icinga Notifications Web (>=0.1.0)
* Icinga Web JIRA Integration (>=1.3.0)

All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded.

### Patches

Version 0.10.1 will include a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release.