Page 2 of 19 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-16660

https://notcve.org/view.php?id=CVE-2019-16660

joyplus-cms 1.6.0 has admin_ajax.php?action=savexml&tab=vodplay CSRF. joyplus-cms versión 1.6.0, presenta una vulnerabilidad de tipo CSRF de admin_ajax.php?action=savexml&tab=vodplay. • https://github.com/joyplus/joyplus-cms/issues/440 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14501

https://notcve.org/view.php?id=CVE-2018-14501

manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. manager/admin_ajax.php en joyplus-cms 1.6.0 tiene una inyección SQL, tal y como queda demostrado con datos POST manipulados con una subcadena que comienza por "m_id=1 AND SLEEP(5)". • https://github.com/joyplus/joyplus-cms/issues/432 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14500

https://notcve.org/view.php?id=CVE-2018-14500

joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/collect/collect_vod_zhuiju.php mediante el parámetro keyword. • https://github.com/joyplus/joyplus-cms/issues/431 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14388

https://notcve.org/view.php?id=CVE-2018-14388

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. joyplus-cms 1.6.0 tiene Cross-Site Scripting (XSS) en manager/admin_ajax.php mediante el parámetro del array can_search_device. • https://github.com/joyplus/joyplus-cms/issues/429 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-14389

https://notcve.org/view.php?id=CVE-2018-14389

joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. joyplus-cms 1.6.0 tiene una inyección SQL en manager/admin_ajax.php mediante el parámetro val. • https://github.com/joyplus/joyplus-cms/issues/430 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •