Lucene search
K

31 matches found

Vulnrichment
Vulnrichment
added 2026/03/05 5:31 a.m.3 views

CVE-2026-30777

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication MFA bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page...

6.9CVSS5.8AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-4614

Malware in sbrugna...

3.5CVSS6.4AI score0.01019EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22417

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-52838

Malicious code in bioql PyPI...

4.8CVSS5.5AI score0.00326EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/23 4:38 a.m.9 views

CVE-2025-43881

Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service DoS condition may be caused by an attacker who can log in to the administrative page of the affected product...

5.3CVSS0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:40 a.m.4 views

CVE-2024-55864

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing...

4.8CVSS5AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:39 p.m.8 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.1CVSS6.7AI score0.00655EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/13 12:0 a.m.10 views

CVE-2023-42243

In Selesta Visual Access Manager 4.42.2, an authenticated user can access the administrative page /common/vamSql.php, which allows for arbitrary SQL queries...

5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2025/01/13 12:0 a.m.38 views

CVE-2023-42243

In Selesta Visual Access Manager, versions prior to 4.42.2 are affected. An authenticated user can access the administrative page /common/vam_Sql.php and execute arbitrary SQL queries due to lack of validation of externally entered SQL statements. The impact is potential data exposure or modifica...

5.4CVSS7.5AI score0.00231EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/12/17 5:15 a.m.7 views

CVE-2024-55864

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing...

4.8CVSS0.00326EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/17 4:43 a.m.15 views

CVE-2024-55864

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing...

4.8CVSS0.00326EPSS
Exploits0References3
CVE
CVE
added 2024/12/17 4:43 a.m.44 views

CVE-2024-55864

CVE-2024-55864 is a Cross-Site Scripting vulnerability in My WP Customize Admin/Frontend. Affected versions are before 1.24.1 (WordPress plugin). The issue could allow an authenticated attacker to inject arbitrary JavaScript that runs in other users’ browsers (CVSS 3.0 base 4.8, MEDIUM). Red Hat/...

4.8CVSS6.5AI score0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/17 4:43 a.m.7 views

CVE-2024-55864

Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing...

4.8CVSS6.7AI score0.00326EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/26 7:38 a.m.30 views

CVE-2024-36249

Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs multifunction printers. If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names,...

7.4CVSS0.00527EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.2 views

SourceCodester Online Eyewear Shop 跨站脚本漏洞

SourceCodester Online Eyewear Shop is a SourceCodester open source online eyewear store website project developed using PHP and MySQL, which provides an online shopping and ordering platform for the eyewear business and its potential customers. A cross-site scripting vulnerability exists in...

5.1CVSS3.8AI score0.00402EPSS
Exploits1References6
OSV
OSV
added 2024/02/20 7:15 a.m.5 views

CVE-2023-44308

Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the comliferayadaptivemediawebportletAMPortletredirect parameter...

6.1CVSS5.9AI score0.00385EPSS
Exploits0References1
Prion
Prion
added 2023/07/31 10:15 a.m.21 views

Cross site scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen...

5.8CVSS6.2AI score0.00852EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2022/06/15 12:0 a.m.24 views

WordPress Themify plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress Themify plugin prior to 1.3.8. The...

6.1CVSS2AI score0.00815EPSS
Exploits2References1
CNVD
CNVD
added 2022/05/25 12:0 a.m.13 views

WordPress Domain Replace plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Domain Replace plugin, which stems from the...

6.1CVSS2.2AI score0.00757EPSS
Exploits2References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/15 12:0 a.m.39 views

JVN#79254445: Multiple ETUNA EC-CUBE plugins vulnerable to cross-site scripting

Multiple EC-CUBE plugins provided by ETUNA contain a cross-site scripting vulnerability CWE-79. An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 June 15, an attack exploting this vulnerability has been observed in the wild. Impact...

6.1CVSS6.1AI score0.01121EPSS
Exploits0
Rows per page
Query Builder