4 results (0.003 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en DEV Web Management System (WMS) 1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro action. • http://securityreason.com/securityalert/1758 http://www.securityfocus.com/archive/1/449121/100/0/threaded http://www.securityfocus.com/bid/20590 http://www.x0n3-h4ck.org/index.php?name=news&article=139 https://exchange.xforce.ibmcloud.com/vulnerabilities/29659 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18714 http://www.osvdb.org/23468 http://www.securityfocus.com/bid/16812 http://www.vupen.com/english/advisories/2006/0723 https://exchange.xforce.ibmcloud.com/vulnerabilities/24875 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 7

Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php. • https://www.exploit-db.com/exploits/1387 https://www.exploit-db.com/exploits/26977 https://www.exploit-db.com/exploits/26976 http://rgod.altervista.org/dev_15_sql_xpl.html http://secunia.com/advisories/18239 http://securitytracker.com/id?1015410 http://www.osvdb.org/22040 http://www.osvdb.org/22041 http://www.osvdb.org/22042 http://www.securityfocus.com/archive/1/420253/100/0/threaded http://www.securityfocus.com/bid/16063 https://exchange.xforce.ibmcloud. •

CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 5

Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter. • https://www.exploit-db.com/exploits/26978 http://rgod.altervista.org/dev_15_sql_xpl.html http://secunia.com/advisories/18239 http://securitytracker.com/id?1015410 http://www.osvdb.org/22043 http://www.securityfocus.com/archive/1/420253/100/0/threaded http://www.securityfocus.com/bid/16063 https://exchange.xforce.ibmcloud.com/vulnerabilities/23900 •