Cyberthreat Blog

An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI).

An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the ” substring, as demonstrated by testmxml.

SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

YzmCMS v5.2 has admin/role/add.html CSRF.

PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.

DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.