CVE-2014-125078 – yanheven console horizon.instances.js cross site scripting
https://notcve.org/view.php?id=CVE-2014-125078
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. • https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd https://vuldb.com/?ctiid.218354 https://vuldb.com/?id.218354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-7138 – Horizon QCMS 4.0 SQL Injection / Directory Traversal
https://notcve.org/view.php?id=CVE-2013-7138
Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter. Vulnerabilidad de recorrido de directorios en lib/functions/d-load.php de Horizon Quick Content Management System (QCMS) 4.0 y anteriores permite a atacantes remotos leer archivos de forma arbitraria a través de un .. (punto punto) en el parámetro start. Horizon QCMS version 4.0 suffers from remote SQL injection and directory traversal vulnerabilities. • http://www.securityfocus.com/bid/64717 https://www.htbridge.com/advisory/HTB23191 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •