Lucene search
+L

321 matches found

Vulnrichment
Vulnrichment
added 2026/02/01 12:15 p.m.3 views

CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.1AI score0.00171EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/01 12:15 p.m.5 views

EUVD-2021-34760

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/01 12:15 p.m.4 views

CVE-2021-47911

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/01/30 5:16 p.m.7 views

CVE-2020-36998

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/30 4:16 p.m.33 views

CVE-2020-36998 forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS0.00252EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:16 p.m.3 views

CVE-2020-36998

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS6AI score0.00252EPSS
Exploits0References4
OSV
OSV
added 2026/01/15 4:16 p.m.4 views

CVE-2021-47765

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to...

5.5CVSS5.8AI score0.00174EPSS
Exploits1References2
NVD
NVD
added 2026/01/15 4:16 p.m.11 views

CVE-2021-47765

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to...

6.7CVSS0.00174EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/15 3:52 p.m.5 views

EUVD-2026-2772

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to...

6.7CVSS6AI score0.00174EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/15 3:52 p.m.27 views

CVE-2021-47765 AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to...

6.7CVSS0.00174EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/15 3:52 p.m.5 views

CVE-2021-47765 AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)

AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to...

6.7CVSS6.1AI score0.00174EPSS
Exploits1References2
CVE
CVE
added 2026/01/15 3:52 p.m.15 views

CVE-2021-47765

AbsoluteTelnet 11.24 is affected by a local denial-of-service vulnerability where sending strings of about 1000 characters in the username field (and related error reporting fields) crashes the application. The Root Cause is improper handling/validation of long input in username and email/error f...

6.7CVSS6.1AI score0.00174EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:48 a.m.7 views

CVE-2009-4894

Multiple cross-site scripting XSS vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 password or 2 e-mail...

4.3CVSS6.2AI score0.00855EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.13 views

CVE-2025-63531

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, a...

10CVSS0.00587EPSS
Exploits1References3
Hacker One
Hacker One
added 2025/11/12 10:46 p.m.16 views

Cloudflare Public Bug Bounty: [Variation of #3321406] YetAnother 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in AccessTempAuth

A vulnerability in Cloudflare Access involving the Browser Isolation email field was discovered, which could allow for unauthorized approvals within the Temporary Auth workflow. The issue has been fully remediated...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/06 6:37 p.m.13 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...

5.4CVSS5.8AI score0.00197EPSS
Exploits1References1
NVD
NVD
added 2025/11/05 5:15 p.m.8 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...

5.4CVSS0.00197EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/05 12:0 a.m.13 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...

0.00197EPSS
Exploits1References2
CVE
CVE
added 2025/11/05 12:0 a.m.13 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is listed as vulnerable to a stored cross-site scripting (XSS) flaw in the user account creation interface. The affected component is the registration form where the Name field accepts script tags and the Email field is vulnerable when a POST request is modified to...

5.4CVSS5.5AI score0.00197EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/11/05 12:0 a.m.3 views

CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...

5.4CVSS5.9AI score0.00197EPSS
Exploits1References4
Rows per page
Query Builder