Lucene search
+L

371 matches found

Prion
Prion
added 2023/12/30 8:15 a.m.13 views

Cross site scripting

LogoBee 0.2 allows updates.php?id= XSS...

5.8CVSS7.2AI score0.00411EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/12/30 12:0 a.m.3 views

LogoBee Cross-Site Scripting Vulnerability

LogoBee is a logo creation software from LogoBee Inc. in the United States. A cross-site scripting vulnerability exists in LogoBee version 0.2, which stems from the use of a special load that can lead to cross-site scripting...

6.1CVSS5.9AI score0.00411EPSS
Exploits1References2
CVE
CVE
added 2023/12/30 12:0 a.m.35 views

CVE-2023-52257

CVE-2023-52257 affects LogoBee 0.2 with a cross‑site scripting vulnerability in the updates.php?id= endpoint. The root cause is unsafe handling of the id parameter, enabling injected scripts to run in the application's context. Impact: XSS that can affect users interacting with the update interfa...

6.1CVSS6.3AI score0.00411EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.4 views

PT-2023-31944 · Logobee · Logobee

Name of the Vulnerable Software and Affected Versions: LogoBee version 0.2 Description: The issue allows for XSS in the updates.php?id= endpoint. Recommendations: For LogoBee version 0.2, as a temporary workaround, consider restricting access to the "updates.php?id=" endpoint until a patch is...

6.1CVSS6AI score0.00411EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.9 views

PT-2023-7082

Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...

10CVSS8.1AI score0.78428EPSS
Exploits5References94
Prion
Prion
added 2023/11/20 10:15 p.m.21 views

Code injection

An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt JSON web token...

7.5CVSS7.5AI score0.00911EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/20 12:0 a.m.7 views

PT-2023-30716 · Unknown · Websiteguide

Name of the Vulnerable Software and Affected Versions: WebsiteGuide version 0.2 Description: An issue with insecure permissions in WebsiteGuide allows a remote attacker to gain escalated privileges by using a crafted JSON web token jwt. Recommendations: For WebsiteGuide version 0.2, consider...

9.8CVSS9.4AI score0.00911EPSS
Exploits0References5
CVE
CVE
added 2023/11/20 12:0 a.m.38 views

CVE-2023-48176

CVE-2023-48176 affects WebsiteGuide v0.2, where an insecure permissions issue could let a remote attacker escalate privileges by presenting a crafted JWT. Documents consistently describe this vulnerability across multiple feeds, listing WebsiteGuide 0.2 as the affected version and citing privileg...

9.8CVSS9.4AI score0.00911EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/07/11 2:15 p.m.4 views

CVE-2023-37656

WebsiteGuide v0.2 is vulnerable to Remote Command Execution RCE via image upload...

9.8CVSS7.4AI score0.01561EPSS
Exploits1References2
OSV
OSV
added 2023/04/23 10:15 a.m.5 views

CVE-2022-45361

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Boris Kuzmanov 0mk Shortener plugin = 0.2 versions...

4.8CVSS5.8AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.5 views

WordPress Plugin 0mk Shortener 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.2AI score0.00394EPSS
Exploits0References2
OSV
OSV
added 2023/03/20 11:15 a.m.2 views

CVE-2023-25795

Auth. admin+ Cross-Site Scripting XSS vulnerability in WP-master.Ir Feed Changer & Remover plugin = 0.2 versions...

4.8CVSS6.6AI score0.00369EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/20 12:0 a.m.6 views

WordPress Plugin master.Ir Feed Changer & Remover 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.9CVSS6.3AI score0.00369EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/20 12:0 a.m.5 views

PT-2023-20310 · WordPress · Wp-Master.Ir Feed Changer & Remover

Name of the Vulnerable Software and Affected Versions: WP-master.Ir Feed Changer & Remover plugin versions 0.2 and earlier Description: The issue is related to an authentication bypass and Cross-Site Scripting XSS vulnerability. This allows for potential malicious script injection, affecting the...

5.9CVSS5.8AI score0.00369EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/06 7:15 p.m.3 views

CVE-2022-2933

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

8.8CVSS5.8AI score0.00512EPSS
Exploits1References3
Prion
Prion
added 2023/01/16 7:15 p.m.19 views

Improper access control

A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The...

7.5CVSS7.1AI score0.00643EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/01/13 12:0 a.m.7 views

cool-php-captcha 跨站脚本漏洞

cool-php-captcha is an application by the individual developer LaoWei. A cross-site scripting vulnerability exists in version 0.2 of cool-php-captcha, which stems from unknown code in the file example-form.php, and can be exploited to cause cross-site scripting using the input of an action-specif...

6.1CVSS4.6AI score0.00747EPSS
Exploits1References6
Prion
Prion
added 2023/01/08 6:15 p.m.13 views

Sql injection

A vulnerability was found in mrtnmtth joomlamodeinsatzstats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The...

7.5CVSS8AI score0.00658EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/08 12:0 a.m.8 views

PT-2023-10335 · Joomla · Joomla Mod Einsatz Stats

Name of the Vulnerable Software and Affected Versions: joomla mod einsatz stats versions up to 0.2 Description: A critical issue was found, affecting the getStatsByType function in the helper.php file. The manipulation of the year argument leads to SQL injection. Recommendations: For versions up ...

9.8CVSS8.2AI score0.00658EPSS
Exploits0References6
CNVD
CNVD
added 2022/11/24 12:0 a.m.112 views

Unspecified Vulnerability in Super Xray

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...

7.8CVSS7.6AI score0.00381EPSS
Exploits1References1
Rows per page
Query Builder