Lucene search

328 matches found

Huntr
• added 2023/04/22 4:43 a.m. • 6 views

Cross-site Scripting (XSS) - Stored

Description: The stored XSS vulnerability found in the calibre-web application is a security flaw that allows an attacker to execute malicious code in a user's browser. The vulnerability affects the "/ajax/pathchooser/" endpoint and is present in the "path" parameter, which is sent via the GET...

AI score: 6.4
Exploits: 0
SUSE CVE
• added 2023/02/15 5:5 a.m. • 3 views

SUSE CVE-2016-2812

Race condition in the get implementation in the ServiceWorkerManager class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted web site...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.02401
Exploits: 0 | References: 4
Packet Storm
• added 2023/01/24 12:0 a.m. • 316 views

Inout Search Engine 10.1.3 Cross Site Scripting

AI score: 7.4
Exploits: 0
Veracode
• added 2023/01/19 3:47 a.m. • 31 views

Cross-Site Request Forgery (CSRF)

apache-superset is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the use of the HTTP GET method for the legacy REST API endpoints in the requestaccess and approve functions of core.py, allowing an attacker to redirect to the malicious URL through the GET request...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00567
Exploits: 0 | References: 5 | Affected Software: 2
Prion
• added 2022/11/24 8:15 a.m. • 21 views

Security feature bypass

Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.00936
Exploits: 1 | References: 2 | Affected Software: 1
Packet Storm
• added 2022/10/04 12:0 a.m. • 242 views

Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting

AI score: 7.4
Exploits: 0
0day.today
• added 2022/10/03 12:0 a.m. • 241 views

Joomla jMarket 5.15 Cross Site Scripting Vulnerability

Author: CraCkEr | Website: extensions.joomla.org | Vendor: Joobi | Software: jMarket 5.1...

AI score: 0.2
Exploits: 0
Packet Storm
• added 2022/10/03 12:0 a.m. • 227 views

Joomla Easy Shop 1.4.1 Cross Site Scripting

AI score: 0.1
Exploits: 0
Packet Storm
• added 2022/09/29 12:0 a.m. • 204 views

Joomla EDocman 1.23.3 Cross Site Scripting

AI score: 7.4
Exploits: 0
0day.today
• added 2022/07/26 12:0 a.m. • 258 views

Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection Vulnerability

AI score: 0.4
Exploits: 0
Kitploit
• added 2022/06/04 12:30 p.m. • 45 views

CRLFsuite - Fast CRLF Injection Scanning Tool

CRLFsuite is a fast tool specially designed to scan CRLF injection.
Installation:
$ git clone https://github.com/Nefcore/CRLFsuite.git
$ cd CRLFsuite
$ sudo python3 setup.py install
$ crlfsuite -h
Features: Single URL scanning, Multiple URL scanning, Stdin supported, GET & POST method supported...

AI score: 7.3
Exploits: 0 | References: 2
Huntr
• added 2022/05/18 9:51 a.m. • 10 views

Cross Site Request Forgery in acknowledging Toast

Description: Hi there linkding maintainers, I would like to report a Cross site request forgery in acknowledging toast. This is due to the use of GET method.
Proof of Concept:
1. Install a local instance of linkding
2. Create admin user admin
3. Log in as admin and create a new toast
4. Go back to...

AI score: 1.5
Exploits: 0
Snyk
• added 2022/05/13 1:30 a.m. • 2 views

Cross-site Request Forgery (CSRF)

Overview: org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the HTTP GET method. An attacker can hijack the authentication of administrators by exploiting the vulnerability through crafted...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.02395
Exploits: 0 | References: 2
OSV
• added 2022/05/13 1:26 a.m. • 20 views

GHSA-799H-QR84-PCRP Kallithea Routes CSRF Bypass

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00587
Exploits: 0 | References: 3
Positive Technologies
• added 2022/04/18 12:0 a.m. • 2 views

PT-2022-16937 · Unknown · Http-Swagger

Name of the Vulnerable Software and Affected Versions: http-swagger versions prior to 1.2.6
Description: The issue allows an attacker to perform a denial of service attack consisting of memory exhaustion on the host system due to improper handling of HTTP methods. This can also lead to other...

CVSS: 7.8 | AI score: 6 | EPSS: 0.02333
Exploits: 1 | References: 16
Huntr
• added 2021/12/17 8:47 a.m. • 16 views

Cross-Site Request Forgery (CSRF) in janeczku/calibre-web

Description: CSRF on various endpoints
Summary: Pretty recently CSRF protection in calibre-web was implemented. However, there are some state-changing endpoints that accept GET requests instead of POST. The most impactful route so far, that allows to completely shutdown the server:...

CVSS: 6.8 | AI score: 0.5 | EPSS: 0.0054
Exploits: 1
Huntr
• added 2021/12/10 2:21 a.m. • 23 views

Cross-Site Request Forgery (CSRF) in patrowl/patrowlmanager

Description: Hi there, there is a CSRF in duplicating rule due to the usage of GET method.
Proof of Concept:
1. Install a local instance of PatrowlManager
2. Go to list rule and create a new rule
3. Access this link http://localhost:8083/rules/api/v1/alerting/duplicate/1 and see that the rule is...

AI score: 0.3
Exploits: 0
CNNVD
• added 2021/08/20 12:0 a.m. • 7 views

TotoLink A702r Security Vulnerability

TOTOLINK A702r is a router device from China-based Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK A702r, which stems from the product's login page that does not add effective permission control for directory access. An attacker can access the /add/, /img/, /js/, /mobile...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00815
Exploits: 1 | References: 2
OSV
• added 2021/07/14 3:15 p.m. • 3 views

CVE-2020-27379

Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00485
Exploits: 0 | References: 1
ATTACKERKB
• added 2021/07/12 3:10 p.m. • 2 views

CVE-2021-23389

The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set and U.get functions...

CVSS: 9.8 | AI score: 5.5 | EPSS: 0.03603
Exploits: 1 | References: 4