Lucene search
K

47 matches found

Cvelist
Cvelist
added 2021/08/26 5:28 p.m.24 views

CVE-2020-18469

Stored cross-site scripting XSS vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to...

5.2AI score0.00544EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/26 5:28 p.m.32 views

CVE-2020-18467

Cross Site Scripting XSS vulnerabilty exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create...

5.1AI score0.00473EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.5 views

Rukovoditel 跨站脚本漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other features. A cross-site scripting vulnerability exists in Rukovoditel, which stems from the failure of the Name of...

5.4CVSS5.7AI score0.00515EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.5 views

Rukovoditel 跨站脚本漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in Rukovoditel, which stems from the lack of valid validation...

5.4CVSS5.5AI score0.00544EPSS
Exploits1References3
NVD
NVD
added 2021/08/03 7:15 p.m.23 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

6.1CVSS0.00931EPSS
Exploits1References1
OSV
OSV
added 2021/08/03 7:15 p.m.28 views

CVE-2021-36702

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...

6.1CVSS5.7AI score
Exploits0References1
OSV
OSV
added 2021/08/03 7:15 p.m.22 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

6.1CVSS5.6AI score
Exploits0References1
Prion
Prion
added 2021/08/03 7:15 p.m.17 views

Cross site scripting

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...

4.3CVSS5.9AI score0.00931EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/08/03 7:15 p.m.15 views

Cross site scripting

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

4.3CVSS5.9AI score0.00931EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/03 6:3 p.m.23 views

CVE-2021-36702

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...

6.1AI score0.00931EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

HTMLy 跨站脚本漏洞

HTMLy is a PHP-based open source blogging platform. A cross-site scripting vulnerability exists in htmly version 2.8.1, which can be exploited by remote attackers to send an authenticated post request to admin/config and inject arbitrary web script or HTML...

6.1CVSS5.8AI score0.00931EPSS
Exploits1References1
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.7 views

Netflix Spinnaker Code Issue Vulnerability

Netflix Spinnaker is a continuous delivery platform from the American company Netflix. The platform serves as a cloud platform deployment tool that supports Google, Microsoft, Pivotal, and other cloud platforms, providing out-of-the-box cluster management and deployment capabilities. Netflix...

8.8CVSS7.5AI score0.01504EPSS
Exploits0References2
wpexploit
wpexploit
added 2020/09/29 12:0 a.m.699 views

Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection

The bulkaction, exportfull and savesliderdb functionalities of the plugin were vulnerable, allowing a high privileged user Admin, or medium one such as Contributor+ if "Role Options" is turn on for other users to perform a SQL Injection attacks. Vulnerable param: check Vulnerable function:...

1.7AI score0.02586EPSS
Exploits2References1
OSV
OSV
added 2020/03/11 10:27 p.m.6 views

CVE-2019-5160

An exploitable improper host validation vulnerability exists in the Cloud Connectivity functionality of WAGO PFC200 Firmware versions 03.02.0214, 03.01.0713, and 03.00.3912. A specially crafted HTTPS POST request can cause the software to connect to an unauthorized host, resulting in unauthorized...

9.1CVSS7.3AI score0.02672EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/10/31 2:55 a.m.22 views

CVE-2019-17551

In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:richtexteditornotetext parameter in the Notes section. Although versions...

5.9AI score0.00655EPSS
Exploits0References2
OSV
OSV
added 2018/12/03 10:29 p.m.3 views

CVE-2018-4020

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS6.1AI score0.48721EPSS
Exploits1References1
NVD
NVD
added 2018/12/03 10:29 p.m.15 views

CVE-2018-4020

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS7.4AI score0.48721EPSS
Exploits1References1
OSV
OSV
added 2018/12/03 10:29 p.m.2 views

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS6.1AI score0.48721EPSS
Exploits1References1
NVD
NVD
added 2018/12/03 10:29 p.m.16 views

CVE-2018-4019

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS7.4AI score0.48721EPSS
Exploits1References1
OSV
OSV
added 2018/12/03 10:29 p.m.4 views

CVE-2018-4021

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated...

7.2CVSS6.1AI score0.7221EPSS
Exploits1References1
Rows per page
Query Builder