Lucene search
K

276 matches found

CNVD
CNVD
added 2020/09/04 12:0 a.m.2 views

vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50940)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the Smilie title of Smilies Manager...

4.8CVSS6.2AI score0.00553EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/04 12:0 a.m.3 views

vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50939)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP of vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the "Pay to subscribe to email notifications" field in t...

4.8CVSS6.3AI score0.00669EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/04 12:0 a.m.3 views

vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50938)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the admincp/search.php?do=dosearch URI...

4.8CVSS6.3AI score0.00553EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/04 12:0 a.m.2 views

vBulletin Cross-Site Scripting Vulnerability (CNVD-2020-50935)

vBulletin is a suite of forum programs that can be customized to suit your needs. A cross-site scripting vulnerability exists in the Admin CP in vBulletin 5.6.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the Junior Member Title in the User Titl...

4.8CVSS6.2AI score0.00553EPSS
Exploits1References1
NVD
NVD
added 2020/09/03 6:15 p.m.10 views

CVE-2020-25124

The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...

4.8CVSS4.9AI score0.00553EPSS
Exploits1References1
OSV
OSV
added 2020/09/03 6:15 p.m.1 views

CVE-2020-25124

The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...

4.8CVSS5.8AI score0.00553EPSS
Exploits1References1
OSV
OSV
added 2020/09/03 6:15 p.m.2 views

CVE-2020-25120

The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI...

4.8CVSS5.8AI score0.00553EPSS
Exploits1References1
NVD
NVD
added 2020/09/03 6:15 p.m.14 views

CVE-2020-25122

The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager...

4.8CVSS4.8AI score0.00553EPSS
Exploits1References1
NVD
NVD
added 2020/09/03 6:15 p.m.14 views

CVE-2020-25118

The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager...

4.8CVSS4.8AI score0.00553EPSS
Exploits1References1
OSV
OSV
added 2020/09/03 6:15 p.m.4 views

CVE-2020-25117

The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager...

4.8CVSS5.8AI score0.00553EPSS
Exploits1References1
Prion
Prion
added 2020/09/03 6:15 p.m.11 views

Design/Logic Flaw

The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI...

3.5CVSS4.8AI score0.00553EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2020/08/09 7:15 p.m.18 views

CVE-2020-17451

flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 pagelinkname, pagetitle, pagecontent, or pageextracontent parameter, or the acp/acp.php?tn=system&sub=syspref prefspagename, prefspagetitle, or prefspagesubtitle parameter...

4.8CVSS5AI score0.00611EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2020/03/30 12:0 a.m.205 views

DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting

Exploit Title: DesignMasterEvents Conference management CMS SQL Injection Auth Bypass & XSS Vulnerability Google Dork: intext:"by :Design Master Events" Date: 2020-03-28 Exploit Author: @ThelastVvV Vendor Homepage: http://www.designmasterevents.com Version: 1.0 Tested on: Ubuntu...

0.4AI score
Exploits0
Prion
Prion
added 2020/03/12 2:15 p.m.14 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-articles.php by adding a question mark ? followed by the payload...

3.5CVSS4.9AI score0.00611EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/09/21 8:15 p.m.12 views

Cross site request forgery (csrf)

An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF...

5.8CVSS6.5AI score0.00472EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/08/12 10:15 p.m.3 views

CVE-2019-14976

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...

6.1CVSS6.3AI score0.00826EPSS
Exploits1References1
Prion
Prion
added 2019/05/22 6:29 p.m.28 views

Design/Logic Flaw

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

9CVSS8.9AI score0.10615EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2019/05/22 6:29 p.m.6 views

CVE-2018-14729

The database backup feature in upload/source/admincp/admincpdb.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code...

8.8CVSS6AI score0.10615EPSS
Exploits1References4
OSV
OSV
added 2019/04/22 11:29 a.m.3 views

CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

6.1CVSS6.3AI score0.00826EPSS
Exploits1References1
CNVD
CNVD
added 2019/01/31 12:0 a.m.2 views

idreamsoft iCMS Directory Traversal Vulnerability (CNVD-2019-12122)

iCMS is an efficient and simple content management system built with PHP and MySQL. A directory traversal vulnerability exists in admincp.php?app=apps&do=save in idreamsoft iCMS 7.0.13, which can be exploited to delete arbitrary folders with the help of the 'app=' parameter and uninstall requests...

7.5CVSS7.1AI score0.02476EPSS
Exploits1References1
Rows per page
Query Builder