Lucene search
K

11 matches found

CVE
CVE
added 2026/06/21 1:26 p.m.16 views

CVE-2026-56383

CVE-2026-56383 : Craft CMS contains a stored XSS in the editableTable.twig component via the Row Heading column type. The vulnerability arises from unsanitized input in row heading default values, enabling an attacker with an administrator account (when allowAdminChanges is enabled) to inject arb...

4.8CVSS5.8AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-47872

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00894EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.11 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...

9.8CVSS8.3AI score0.00894EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.5 views

Shoplazza LifeStyle 跨站脚本漏洞

Shoplazza LifeStyle is an e-commerce website by Shoplazza, Inc. A security vulnerability exists in Shoplazza LifeStyle version 1.1, which stems from cross-site scripting due to incorrect manipulation of the parameters Subheading/Heading/Text/Button Text/Label...

5.4CVSS5.3AI score0.00503EPSS
Exploits0References4
OSV
OSV
added 2022/12/02 8:15 p.m.4 views

CVE-2022-44945

Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the headingfieldid parameter...

9.8CVSS5.8AI score0.00894EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/02 12:0 a.m.6 views

PT-2022-27344 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A SQL injection issue was discovered via the heading field id parameter. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...

9.8CVSS9.7AI score0.00894EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.6 views

Rukovoditel SQL注入漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from through the headingfield...

9.8CVSS8.5AI score0.00894EPSS
Exploits1References3
OSV
OSV
added 2021/08/26 6:15 p.m.4 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

5.4CVSS6.1AI score0.00413EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/08/26 5:28 p.m.23 views

CVE-2020-18468

Cross Site Scripting XSS vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM9.1/index.php/configuration...

5.1AI score0.00413EPSS
Exploits1References1
OSV
OSV
added 2021/08/17 8:15 p.m.5 views

CVE-2020-13588

An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The headingfieldid parameter in ‘‘entities/fields’ page is vulnerable to authenticated SQL injection. An attacker can make authenticated HTTP requests to trigger this...

8.8CVSS6.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/08/17 12:0 a.m.7 views

PT-2021-9654 · Unknown · Rukovoditel Project Management App

Name of the Vulnerable Software and Affected Versions: Rukovoditel Project Management App version 2.7.2 Description: An exploitable SQL injection issue exists in the 'entities/fields' page. The heading field id parameter in this page is vulnerable to authenticated SQL injection. An attacker can...

8.8CVSS6.2AI score0.00968EPSS
Exploits1References2
Rows per page
Query Builder