
18 matches found

SUSE CVE
added 2026/03/05 6:54 a.m. | 2 views

SUSE CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user's long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

CVSS 7.6 | AI score 5.8 | EPSS 0.00267
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-9568

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.01016
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-30240

Malware in sbrugna...

CVSS 6.5 | AI score 6.5 | EPSS 0.00468
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/22 3:44 p.m. | 17 views

CVE-2020-9419

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 5.4 | AI score 5.7 | EPSS 0.0048
Exploits: 0 | References: 1
Cvelist
added 2023/10/20 6:35 a.m. | 25 views

CVE-2020-36698 Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes...

CVSS 8.8 | AI score 8.4 | EPSS 0.00964
Exploits: 1 | References: 3
NVD
added 2022/12/14 1:15 a.m. | 18 views

CVE-2020-9419

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 5.4 | EPSS 0.0048
Exploits: 0 | References: 1
Prion
added 2022/12/14 1:15 a.m. | 18 views

Default credentials

The login password of the web administrative dashboard in Arcadyan Wifi routers VRV9506JAC23 is sent in cleartext, allowing an attacker to sniff and intercept traffic to learn the administrative credentials to the router...

CVSS 4 | AI score 6.6 | EPSS 0.00468
Exploits: 1 | References: 1
Prion
added 2022/12/14 1:15 a.m. | 26 views

Cross site scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

CVSS 4.9 | AI score 5.4 | EPSS 0.0048
Exploits: 0 | References: 1
Vulnrichment
added 2022/12/14 12:00 a.m. | 6 views

CVE-2020-9419

Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan Wifi routers VRV9506JAC23 allow remote attackers to inject arbitrary web script or HTML via the hostName and domainname parameters present in the LAN configuration section of the administrative dashboard...

AI score 5.9 | EPSS 0.0048
Exploits: 0 | References: 1
CVE
added 2022/12/14 12:00 a.m. | 42 views

CVE-2020-9419

CVE-2020-9419 affects Arcadyan Wifi routers VRV9506JAC23. The stored XSS flaws occur in the LAN configuration section of the administrative dashboard, exploitable via hostName and domain_name parameters in the LAN config. Impact: remote XSS with payloads injected into admin UI; exploitation requi...

CVSS 5.4 | AI score 5.3 | EPSS 0.0048
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2022/10/11 12:00 a.m. | 3 views

Merchandise Online Store Security Vulnerability

Merchandise Online Store is a Merchandise Online Store system by Carlo Montero Personal Developer. A security vulnerability exists in Merchandise Online Store version v.1.0, which stems from a vertical privilege escalation issue that allows an attacker to access the administrative dashboard...

CVSS 8.8 | AI score 7.9 | EPSS 0.00827
Exploits: 1 | References: 2
Prion
added 2019/12/26 3:15 a.m. | 16 views

Privilege escalation

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wpajax...

CVSS 4 | AI score 4.6 | EPSS 0.01016
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/12/26 2:26 a.m. | 14 views

CVE-2019-19980

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wpajax...

CVSS 4.3 | AI score 4.9 | EPSS 0.01016
Exploits: 1 | References: 2
WPVulnDB
added 2019/01/10 12:00 a.m. | 13 views

Ninja Forms <= 3.3.21 - XSS and SQLi

Reflected XSS vulnerability in the administrative dashboard. Blind SQL injection vulnerability in the search filter on the submissions page...

AI score 1.8
Exploits: 0 | Affected Software: 1
OSV
added 2018/04/13 5:29 a.m. | 3 views

CVE-2018-10086

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval'function testfunction'.rand" and it is possible to bypass certain restrictions on these "testfunction" functions...

CVSS 7.2 | AI score 6.3
Exploits: 0 | References: 1
Hacker One
added 2017/10/08 3:56 p.m. | 16 views

X (Formerly Twitter): Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)

Summary: I've identified a Blind XSS vulnerability that fires in the Mobpub Marketplace Admin Production | Sentry dashboard and can be triggered by sending an HTTPS request to an endpoint from the domain demand.mopub.com. Description: I've sent the following HTTPS request to the following URL...

AI score 6.8
Exploits: 0
Hacker One
added 2016/03/26 12:11 a.m. | 36 views

Uber: Stored XSS in drive.uber.com WordPress admin panel

There is another bug in the All In One Event Calendar plugin used on drive.uber.com. An attacker can inject arbitrary JavaScript in the administrative Dashboard of WordPress. The script would be evaluated under administrator privileges as only logged-in administrators can view the Dashboard. Such...

AI score 6.5
Exploits: 0
Cisco
added 2015/10/26 12:00 a.m. | 30 views

Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability

A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...

CVSS 4 | AI score 6.5 | EPSS 0.0137
Exploits: 0 | References: 1