121 matches found
CVE-2019-1010095
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
Cross site request forgery (csrf)
DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerability that can add the administrator account. The component is: admin/users/add.php. The attack vector is: After the administrator logged in, open the html page...
CVE-2019-1010095
DomainMOD v4.10.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the admin/users/add.php component. The underlying issue enables an attacker to add an administrator account after the legitimate administrator logs in and visits the crafted page. Impact is described as enabling...
CVE-2016-10738
Zenbership v107 has CSRF via admin/cp-functions/event-add.php...
CVE-2016-10738
Zenbership v107 is affected by a CSRF vulnerability located at admin/cp-functions/event-add.php. The description explicitly states CSRF via that endpoint, indicating potential unauthorized operations could be triggered by attackers. No concrete patch/version remediation details are provided in th...
CVE-2018-19751
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields...
CVE-2018-19751
DomainMOD 4.11.01 contains a stored cross-site scripting vulnerability in the admin/ssl-fields/add.php page (Display Name, Description & Notes fields). The root cause is input processing that allows injected JavaScript to be stored and executed in the victim’s browser, with potential for session ...
CVE-2016-10732
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...
CVE-2018-17090
An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazyadresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by tags...
maskay.com XSS vulnerability
Open Bug Bounty ID: OBB-668673

Description| Value
---|---
Affected Website:| maskay.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
kboing.com.br XSS vulnerability
Vulnerable URL: http://www.kboing.com.br/meu-canal/add.php?url=alert/OPENBUGBOUNTY/...
ThinkSAAS latest version injection
Brief description: ThinkSAAS 2.4 Detailed description: app\group\action\add.php, starting at line 60 // Perform post publishing case "do" : ......omitted...... $groupid = intval $POST 'groupid' ; $title = trim $POST 'title' ; $content = tsClean $POST 'content' ; $typeid = intval $POST 'typeid' ; $tag = $POST 'tag'; ......omitted...... // Handle @username if pregmatchall '/@/'...
thinksaas latest version xss2
Brief description: Detailed description: \app\group\action\add.php // Perform post publishing case "do" : if $POST 'token' != $SESSION 'token' tsNotice '非法操作!' ; $authcode = strtolower $POST 'authcode' ; if $TSSITE 'base' 'isauthcode' if $authcode != $SESSION 'verify' tsNotice "验证码输入有误,请重新输入!" ; $groupid = intval $POST 'groupid' ; $title =...
saphp Lesson add.php forumid Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15185/info saphp Lesson is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
PHPRank 1.8 Add.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5945/info phpRank is a freely available web site link sharing script. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that phpRank is vulnerable to cross-site scripting attacks. Unde...
myBloggie 2.1.2/2.1.3 add.php trackback_url Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...