819 matches found
CVE-2023-49270
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkindate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...
Cross site scripting
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkoutdate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...
CVE-2023-49271 Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS)
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'checkoutdate' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response...
CVE-2023-2325
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script on a user's browser via stored HTML document...
CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web
Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows an attacker to execute script on a user's browser via stored HTML document...
CVE-2023-2325
CVE-2023-2325 affects M-Files Classic Web: Stored XSS that allows script execution in a user’s browser via stored HTML documents. Vulnerable on Classic Web before 23.10, LTS SR versions before 23.2 LTS SR4 and before 23.8 LTS SR1. Mitigation: upgrade to 23.10 or later (Classic Web), 23.2 LTS SR4 ...
Taskhub 2.8.8 Cross Site Scripting
Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...
CVE-2022-45448 Cross-site Scripting in M4 PDF plugin for Prestashop sites
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...
PT-2023-14671 · Prestashop · M4 Pdf Plugin
Name of the Vulnerable Software and Affected Versions: M4 PDF plugin for Prestashop sites versions 3.2.3 and before Description: The M4 PDF plugin for Prestashop sites is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource "/m4pdf/pdf.php" uses templates to dynamically...
CVE-2023-23604 Creation of duplicate SystemPrincipal from less secure contexts
A duplicate SystemPrincipal object could be created when parsing a non-system HTML document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...
SEO Friendly Blog CMS 1.0 Cross Site Scripting Vulnerability
Title: SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database-1.0-2023 XSS-Reflected Vulnerability Author: nu11secur1ty Vendor: https://technosmarter.com/ Software: https://github.com/technosmarter/SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database Reference XSS:...
[SECURITY] [DLA 3419-1] webkit2gtk security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3419-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 12, 2023 https://wiki.debian.org/LTS -...
SUSE CVE-2023-25736
An invalid downcast from nsHTMLDocument to nsIContent could have led to undefined behavior. This vulnerability affects Firefox 110...
Purchase Order Management 1.0 Cross Site Scripting Vulnerability
Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...
Purchase Order Management 1.0 Cross Site Scripting
Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...
SUSE CVE-2009-3050
Buffer overflow in the setpagesize function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file wit...