CVE-2014-4613
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php. (CV…
[20180301] – Core – SQLi vulnerability User Notes
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.5.0 through 3.8.5
Exploit type: SQLi
Reported Date: 2018-March-08
Fixed Date: 2018-March-12
CVE Number: CVE-2018-8045
Description
The lack of type casting of a variable in SQL st…
CVE-2012-0941
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, …
[20180104] – Core – SQLi vulnerability in Hathor postinstall message
Project: Joomla!
SubProject: CMS
Impact: High
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: SQLi
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6376
Description
The lack of type casting of a variable in S…
[20180103] – Core – XSS vulnerability in Uri class
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 1.5.0 through 3.8.3
Exploit type: XSS
Reported Date: 2017-November-17
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6379
Description
Inadequate input filtering in the Uri cl…
[20180102] – Core – XSS vulnerability in com_fields
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.7.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-20
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6377
Description
Inadequate input filtering in com_fields …
[20180101] – Core – XSS vulnerability in module chromes
Project: Joomla!
SubProject: CMS
Impact: Moderate
Severity: Low
Versions: 3.0.0 through 3.8.3
Exploit type: XSS
Reported Date: 2018-January-21
Fixed Date: 2018-January-30
CVE Number: CVE-2018-6380
Description
Lack of escaping in the module chromes le…
CVE-2012-6667
Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action. (CVSS:4.3) (Last Update:2018-01-29)
CVE-2012-0699
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or…