58 matches found
CVE-2022-27090
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter...
Design/Logic Flaw
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter...
CScms Input Validation Error Vulnerability
CScms is a content management system (CMS) developed on a CI framework. A security vulnerability exists in CScms Music Portal System v4.2, which stems from a backurl parameter that causes a redirect. No details of the vulnerability are available at this time...
CVE-2020-20982
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php...
shadow Cross-Site Scripting Vulnerability
shadow is a suite of tools for maintaining Debian systems. A cross-site scripting vulnerability exists in shadow web wdja, which stems from the product's /php/passport/index.php file failing to properly handle data in the backurl parameter. An attacker could use this vulnerability to execute...
Mail.ru: [account.mail.ru] XSS on the account deletion page via backUrl
Insufficient validation of the backUrl parameter makes it possible to specify a javascript link: https://account.mail.ru/user/delete?backUrl=javascript:alert(document.domain) javascript getBackUrl: function (url) { return /^http/.test(url) ? url : this.urlData.backUrl || this.config.get('backUrl') ||...
IBM Cognos Business Intelligence Developer 10.2.1 Open Redirect
IBM Cognos Business Intelligence Developer 10.2.1 backURL Open Redirect Vendor: IBM Corporation Product web page: http://www.ibm.com Affected version: 10.2.1 Build 10.2.5000.267 Trial Summary: IBM Cognos Business Intelligence is a web-based, integrated business intelligence suite by IBM. It...
Oracle Identity Manager (October 2014 CPU)
The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities : - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...
DEBIAN-CVE-2011-2904
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter...
CVE-2011-2904
Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter...
CVE-2010-1905
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...
CVE-2007-5979
Cross-site scripting (XSS) vulnerability in downloadplugin.php3 in F5 Firepass 4100 SSL VPN 5.4 through 5.5.2 and 6.0 through 6.0.1 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter...