Lucene search
K

9 matches found

CNVD
CNVD
added 2020/11/23 12:0 a.m.2 views

Sentrifugo Code Issue Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A security vulnerability exists in Sentrifugo version 3.2, which is caused by a user being able to upload images unde...

8.8CVSS7AI score0.01394EPSS
Exploits1References1
OSV
OSV
added 2020/11/12 7:15 p.m.2 views

CVE-2020-26803

In Sentrifugo 3.2, users can upload an image under "Assets - Add" tab. This "Upload Images" functionality is suffered from "Unrestricted File Upload" vulnerability so attacker can upload malicious files using this functionality and control the server...

8.8CVSS7.3AI score0.01394EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/11 12:0 a.m.6 views

DomainMOD cross-site scripting vulnerability (CNVD-2019-07965)

DomainMOD is an open source application for managing your domain names and other Internet assets in a central location. DomainMOD 4.11.01 suffers from a cross-site scripting vulnerability that can be exploited by an attacker via the assets/add/category.php Category Name or Stakeholder fields...

4.8CVSS8.1AI score0.04428EPSS
Exploits6References1
NVD
NVD
added 2018/12/10 9:29 a.m.23 views

CVE-2018-20011

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...

4.8CVSS4.9AI score0.04428EPSS
Exploits6References2
OSV
OSV
added 2018/12/10 9:29 a.m.17 views

CVE-2018-20011

DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field...

4.8CVSS5.7AI score
Exploits0References2
Cvelist
Cvelist
added 2018/12/06 7:0 p.m.33 views

CVE-2018-19914

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field...

5.3AI score0.03316EPSS
Exploits5References2
Cvelist
Cvelist
added 2018/11/29 10:0 p.m.29 views

CVE-2018-19752

DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar...

5.3AI score0.03316EPSS
Exploits6References2
Prion
Prion
added 2017/09/15 6:29 p.m.17 views

Code injection

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...

4.3CVSS5.9AI score0.01304EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2017/09/15 6:29 p.m.22 views

CVE-2017-14498

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...

6.1CVSS5.8AI score
Exploits0References4
Rows per page
Query Builder