Lucene search
+L

193 matches found

susecve
susecve
added 2023/02/15 6:13 a.m.5 views

SUSE CVE-2006-6077

The 1 Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the 2 Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...

5CVSS8.9AI score0.0196EPSS
Exploits1References7
vulncheck_kev
vulncheck_kev
added 2023/01/11 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24183

The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

6.5CVSS6.7AI score0.01742EPSS
Exploits2References1
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.474 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. " / document.forms0.submit;...

6.1CVSS6.3AI score0.00969EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/15 12:0 a.m.187 views

Fast Flow < 1.2.12 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting ' https://example.com/wp-admin/admin.php?page=fast-flow&p="...

1.2AI score
Exploits0
wpexploit
wpexploit
added 2022/07/04 12:0 a.m.130 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well alert/XSS/" /...

6.1CVSS6.1AI score0.00569EPSS
Exploits2
wpexploit
wpexploit
added 2022/05/18 12:0 a.m.183 views

Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting ' /...

6.1CVSS0.2AI score0.00815EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/26 12:0 a.m.94 views

Donate Extra <= 2.02 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting ' document.form1.submit;...

6.1CVSS0.1AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/04/04 12:0 a.m.84 views

Menubar < 5.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting " /...

5.4CVSS0.6AI score0.00591EPSS
Exploits2
nvd
nvd
added 2022/02/28 4:15 p.m.25 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS0.00713EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/02/28 4:15 p.m.4 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS6AI score0.00713EPSS
Exploits0References3
osv
osv
added 2022/02/28 4:15 p.m.5 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.1CVSS6.4AI score0.00713EPSS
Exploits0References2
prion
prion
added 2022/02/28 4:15 p.m.19 views

Input validation

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

5.8CVSS6.5AI score0.00713EPSS
Exploits0References2Affected Software1
cve
cve
added 2022/02/28 3:24 p.m.69 views

CVE-2022-26156

CVE-2022-26156 affects Cherwell Service Management (CSM) web application, version 10.2.3. The issue is an injection of a malicious payload into the RelayState= parameter of the HTTP request body, causing form-action hijacking by altering the form submission URL to an attacker-controlled endpoint....

6.1CVSS6.4AI score0.00713EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2022/02/28 3:24 p.m.36 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

6.7AI score0.00713EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/02/28 12:0 a.m.5 views

Cherwell Service Management 输入验证错误漏洞

Cherwell Service Management is flexible, feature-rich ITSM software that is easy to use, configure and maintain. An input validation error vulnerability exists in Cherwell Service Management because the product does not validate special characters in data corresponding to the RelayState parameter...

6.1CVSS6.3AI score0.00713EPSS
Exploits0References4
veracode
veracode
added 2022/01/24 8:39 a.m.26 views

Cross-Site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escape of the config-form's action attribute...

6.1CVSS2.4AI score0.07936EPSS
Exploits2References5Affected Software1
wpexploit
wpexploit
added 2021/12/28 12:0 a.m.121 views

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

5.3AI score0.00591EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.171 views

Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not have any authorisation and CSRF in place when saving a template wpbtnsavetemplate function hooked to the init action, nor sanitise and escape them before outputting them in the admin dashboard, which allow unauthenticated users to add a malicious template and lead to Stored...

6.1CVSS5.9AI score0.01167EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/03 12:0 a.m.103 views

Email Tracker < 5.2.6 - Reflected Cross-Site Scripting

The plugin does not escape user input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue alert/XSS/' /...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2021/10/06 12:0 a.m.692 views

Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF

The plugin does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack csrf.submit...

6.5CVSS0.5AI score0.00531EPSS
Exploits2
Rows per page
Query Builder