Lucene search
+L

36 matches found

cvelist
cvelist
added 2023/11/20 12:0 a.m.25 views

CVE-2023-38883

A reflected cross-site scripting XSS vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...

6.2AI score0.00631EPSS
Exploits0References3
osv
osv
added 2023/06/20 4:15 p.m.7 views

CVE-2023-3340

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument namestartsWith leads to sql injection. The attack...

9.8CVSS5.7AI score0.00841EPSS
Exploits1References3
osv
osv
added 2023/01/02 10:15 p.m.7 views

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.8AI score0.03595EPSS
Exploits5References2
attackerkb
attackerkb
added 2022/07/17 11:15 a.m.8 views

CVE-2022-1933

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.01566EPSS
Exploits2References3
attackerkb
attackerkb
added 2022/07/11 1:15 p.m.6 views

CVE-2022-1057

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS7.9AI score0.07942EPSS
Exploits2References3
osv
osv
added 2022/07/11 1:15 p.m.5 views

CVE-2022-1057

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection...

9.8CVSS5.8AI score0.07942EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/04/25 12:0 a.m.6 views

WordPress plugin Master Elements SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Master Elements 8.0 and earlier versions are vulnerable to SQL injection, which stems from t...

9.8CVSS5.9AI score0.07097EPSS
Exploits2References3
cnnvd
cnnvd
added 2021/03/18 12:0 a.m.8 views

Wordpress Load More SQL注入漏洞

Wordpress Load More is Wordpress an open source application plugin . Provide a load more items function . WordPress Load More plugin before 5.3.2 SQL injection vulnerability exists , the vulnerability stems from /wp-admin/admin-ajax.php repeater parameter or type=test parameter...

7.2CVSS7.3AI score0.01205EPSS
Exploits1References2
cnvd
cnvd
added 2021/01/08 12:0 a.m.8 views

MK-AUTH Cross-Site Scripting Vulnerability

MK-AUTH is an access control system developed by Pedro Filho, an individual developer in Brazil. A cross-site scripting vulnerability exists in MK-AUTH through version 19.01 K4.9, which originates in the tipo parameter of the admin log ajax.php. An attacker can exploit the vulnerability to read t...

8.8CVSS6.2AI score0.00528EPSS
Exploits2References1
osv
osv
added 2020/01/17 11:15 p.m.6 views

CVE-2020-7104

The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php totalquestions parameter...

6.1CVSS6.4AI score0.01607EPSS
Exploits2References1
nvd
nvd
added 2020/01/15 2:15 p.m.14 views

CVE-2011-4336

Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarfajax.php...

6.1CVSS6AI score0.07652EPSS
Exploits1References2
nvd
nvd
added 2019/10/08 1:15 p.m.20 views

CVE-2019-17271

vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList where parameter...

4.9CVSS5.8AI score0.01447EPSS
Exploits2References2
osv
osv
added 2019/04/26 10:29 p.m.6 views

CVE-2019-11557

The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $POST'action' value and the $GET'action' value, and the...

8.8CVSS7.3AI score0.01058EPSS
Exploits1References4
zdt
zdt
added 2018/03/20 12:0 a.m.73 views

WordPress Site Editor 1.1.1 Local File Inclusion Vulnerability

Exploit for php platform in category web applications Product: Site Editor Wordpress Plugin - https://wordpress.org/plugins/site-editor/ Vendor: Site Editor Tested version: 1.1.1 CVE ID: CVE-2018-7422 CVE description A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for...

7.5AI score0.63102EPSS
Exploits7
osv
osv
added 2018/01/13 12:29 a.m.3 views

CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREEAccessToken parameter...

6.1CVSS5.8AI score0.00954EPSS
Exploits1References2
seebug
seebug
added 2016/10/11 12:0 a.m.23 views

Joomla Huge-IT Video Gallery 1.0.9 ajax_url.php parameter galleryid SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder