Lucene search
K

49 matches found

CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencycreate.php page. An attacker coul...

8.2CVSS7AI score0.00437EPSS
Exploits0References2
OSV
OSV
added 2023/10/25 9:13 p.m.23 views

GHSA-GHF6-2F42-MJH9 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

Impact In XWiki, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution...

9CVSS8.8AI score0.01741EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/10/25 7:29 p.m.14 views

CVE-2023-45135 XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

9CVSS8AI score0.01741EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/10/25 7:8 p.m.17 views

CVE-2023-45134 XWiki Platform XSS vulnerability from account in the create page form via template provider

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. org.xwiki.platform:xwiki-platform-web starting in version 3.1-milestone-1 and prior to 13.4-rc-1, org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.2 and 15.5-rc-1, and...

9CVSS8.1AI score0.01834EPSS
Exploits1References3
Prion
Prion
added 2023/02/03 1:15 a.m.17 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows an attacker to arbitrarily create a page...

4.3CVSS5.1AI score0.00408EPSS
Exploits2References5Affected Software1
Veracode
Veracode
added 2022/02/25 4:57 p.m.29 views

Cross Site Scripting(XSS)

intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists because create page functionality of admin account which allows a malicious attacker to inject and execute arbitrary javascript...

4.8CVSS3.3AI score0.00486EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.2 views

CVE-2021-43724

A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...

4.8CVSS5.8AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2022/02/24 3:15 p.m.10 views

CVE-2021-43724

A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...

4.8CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/02/24 3:15 p.m.14 views

Cross site scripting

A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...

3.5CVSS4.8AI score0.00486EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/02/23 6:31 p.m.29 views

CVE-2021-43724

A Cross Site Scripting XSS vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file...

5.1AI score0.00486EPSS
Exploits1References1
Huntr
Huntr
added 2021/10/25 4:36 p.m.15 views

in marcoax/magutticms

Description RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code Proof of Concept // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...

0.3AI score
Exploits0References3
OSV
OSV
added 2021/07/20 12:15 p.m.4 views

CVE-2021-27338

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter...

5.4CVSS5.8AI score0.00687EPSS
Exploits0References2
NVD
NVD
added 2021/04/14 2:15 p.m.22 views

CVE-2020-21088

Cross Site Scripting XSS in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in "/index.php/contacts/create page"...

4.8CVSS0.0076EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2020/09/29 12:0 a.m.171 views

WebsiteBaker 2.12.2 - Remote Code Execution

Exploit Title: WebsiteBaker 2.12.2 - Remote Code Execution Date: 2020-07-04 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://websitebaker.org/pages/en/home.php Software Link: https://wiki.websitebaker.org/doku.php/downloads Version: 2.12.2 Tested on: Windows 10 and Ubuntu...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/10/16 12:0 a.m.4 views

LUYA CMS Cross-Site Scripting Vulnerability

LUYA CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in LUYA CMS version 1.0.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via /admin/api-cms-nav/create-page...

6.1CVSS5.9AI score0.00978EPSS
Exploits2References1
OSV
OSV
added 2018/10/15 7:29 p.m.2 views

CVE-2018-18259

Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...

6.1CVSS5.7AI score0.00978EPSS
Exploits2References1
Prion
Prion
added 2018/10/15 7:29 p.m.17 views

Cross site scripting

Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...

4.3CVSS5.9AI score0.00978EPSS
Exploits2References1Affected Software1
exploitpack
exploitpack
added 2016/11/21 12:0 a.m.35 views

LEPTON 2.2.2 - SQL Injection

LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/ important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...

8.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/11/09 8:52 p.m.13 views

purlsoho.com XSS vulnerability

Vulnerable URL: http://www.purlsoho.com/create/?s="'--; Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 51879 Google Pagerank| 4 VIP website status:| No Check purlsoho.com SSL...

6.3AI score
Exploits0
Atlassian
Atlassian
added 2014/06/06 7:21 a.m.39 views

Cannot create page/s using "Create Page" Button

We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...

Exploits0Affected Software1
Rows per page
Query Builder