53 Total Results
Displaying 21-30 of 53
Attacker Value
Unknown

CVE-2021-29033

Disclosure Date: March 24, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
Attacker Value
Unknown

CVE-2021-29029

Disclosure Date: March 24, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
Attacker Value
Unknown

CVE-2021-29027

Disclosure Date: March 24, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
Attacker Value
Unknown

CVE-2021-29026

Disclosure Date: March 24, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
Attacker Value
Unknown

CVE-2021-29030

Disclosure Date: March 24, 2021 (last updated February 22, 2025)
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
Attacker Value
Unknown

CVE-2012-5193

Disclosure Date: November 13, 2019 (last updated November 27, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
Attacker Value
Unknown

CVE-2019-16133

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
An issue was discovered in eteams OA v4.0.34. Because the session is not strictly checked, the account names and passwords of all employees in the company can be obtained by an ordinary account. Specifically, the attacker sends a jsessionid value for URIs under app/profile/summary/.
Attacker Value
Unknown

CVE-2019-10272

Disclosure Date: April 30, 2019 (last updated November 27, 2024)
An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.
Attacker Value
Unknown

CVE-2012-5192

Disclosure Date: January 28, 2014 (last updated October 05, 2023)
Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "..%2F" (dot dot encoded slash) sequences in the overlay_type parameter.
Attacker Value
Unknown

CVE-2012-5225

Disclosure Date: October 01, 2012 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.