1285 matches found

NVD
added 2024/03/07 2:15 a.m. · 11 views

CVE-2024-24389

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...

CVSS: 6.1 · AI score: 5.6 · EPSS: 0.00181
Exploits: 0 · References: 1
Prion
added 2024/03/07 2:15 a.m. · 12 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...

AI score: 6 · EPSS: 0.00181
Exploits: 0 · References: 1
Vulnrichment
added 2024/03/07 12:0 a.m. · 11 views

CVE-2024-24389

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...

AI score: 5.9 · EPSS: 0.00181
Exploits: 0 · References: 1
Cvelist
added 2024/03/07 12:0 a.m. · 12 views

CVE-2024-24389

A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter...

AI score: 5.7 · EPSS: 0.00181
Exploits: 0 · References: 1
CNNVD
added 2024/03/07 12:0 a.m. · 2 views

XunRuiCMS Security Vulnerability

XunRuiCloud Software Development XunRuiCMS is an open source content management system (CMS) from China's XunRuiCloud Software Development Company. A security vulnerability exists in XunRuiCMS v4.6.2 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability. An...

CVSS: 6.1 · AI score: 5.7 · EPSS: 0.00181
Exploits: 0 · References: 2
OSV
added 2024/03/06 11:6 a.m. · 26 views

BIT-SQLITE-2020-9327

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.00951
Exploits: 0 · References: 12
OSV
added 2024/03/06 10:55 a.m. · 12 views

BIT-LARAVEL-2020-24941

An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.00214
Exploits: 0 · References: 2
Github Security Blog
added 2024/03/01 8:9 p.m. · 22 views

Budibase affected by VM2 Constructor Escape Vulnerability

Impact: Previously, budibase used a library called vm2 for code execution inside the Budibase builder and apps, such as the UI below for configuring bindings in the design section. Due to a vulnerability in vm2, any environment that executed the code server side (automations and column formulas) was...

AI score: 8
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2024/02/07 12:0 a.m. · 4 views

PT-2024-20229 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3
Description: The issue concerns a SQL Injection vulnerability. Specifically, the findInOutMaterialCount function in com.jsh.erp.controller.DepotHeadController does not adequately filter the column and order parameters,...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.001
Exploits: 1 · References: 7
CNNVD
added 2024/02/06 12:0 a.m. · 3 views

jshERP SQL Injection Vulnerability

jshERP (Huaxia ERP) is a homegrown ERP system developed by a Chinese individual developer, Ji Sheng Hua. A SQL injection vulnerability exists in jshERP v3.3, which is caused by insufficient filtering of the "column" and "order" parameters...

CVSS: 9.8 · AI score: 8 · EPSS: 0.00127
Exploits: 1 · References: 4
wpexploit
added 2024/01/31 12:0 a.m. · 139 views

MapPress < 2.88.17 - Contributor+ Stored XSS via Map Settings

Description: The plugin is vulnerable to Stored Cross-Site Scripting via the width and height parameters, allowing users with contributor access and above to perform Stored XSS attacks.
- Go to Plugin’s page /wp-admin/admin.php?page=mappressmaps
- Add New Map and search any location you want.
- Add XSS...

CVSS: 4.9 · AI score: 5.8 · EPSS: 0.00119
Exploits: 2 · References: 2
OSV
added 2024/01/16 1:15 a.m. · 2 views

CVE-2023-47460

SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component...

CVSS: 8.8 · AI score: 6.1 · EPSS: 0.13759
Exploits: 1 · References: 2
CNNVD
added 2024/01/16 12:0 a.m. · 3 views

Knovos Discovery Security Vulnerability

Knovos Discovery is a comprehensive legal discovery platform from Knovos. A security vulnerability exists in Knovos Discovery version v.22.67.0, which stems from the presence of a SQL injection vulnerability that allows remote attackers to execute arbitrary code via the...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.13759
Exploits: 1 · References: 3
Veracode
added 2023/12/13 5:41 a.m. · 18 views

Cross-site Scripting (XSS)

jfinal is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the column management department of the library, allowing an attacker to inject and execute malicious JavaScript...

CVSS: 5.4 · AI score: 6.5 · EPSS: 0.00098
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2023/12/08 3:30 p.m. · 23 views

Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

CVSS: 5.4 · AI score: 6.1 · EPSS: 0.00098
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/12/08 3:30 p.m. · 2 views

GHSA-F2W8-4M48-5QRQ Cross-site Scripting in JFinalCMS

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00098
Exploits: 0 · References: 3
NVD
added 2023/12/08 3:15 p.m. · 8 views

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

CVSS: 5.4 · EPSS: 0.00098
Exploits: 0 · References: 1
OSV
added 2023/12/08 3:15 p.m. · 11 views

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

CVSS: 5.4 · AI score: 5.3
Exploits: 0 · References: 1
Prion
added 2023/12/08 3:15 p.m. · 18 views

Cross site scripting

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

CVSS: 4.9 · AI score: 6.2 · EPSS: 0.00098
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/12/08 12:0 a.m. · 15 views

CVE-2023-49485

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department...

AI score: 5.5 · EPSS: 0.00098
Exploits: 0 · References: 1