Lucene search
K

18012 matches found

Nuclei
Nuclei
added 9 hours ago25 views

Simple URLs < 115 - Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-0099 info: name: Simple URLs 115 - Cross Site Scripting author: r3Y3r53 severit...

6.1CVSS6.3AI score0.01726EPSS
Exploits6References5
Nuclei
Nuclei
added 9 hours ago119 views

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.4AI score0.03904EPSS
Exploits3References2
Nuclei
Nuclei
added 9 hours ago26 views

ZZcms - Cross-Site Scripting

ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...

5.4CVSS6.1AI score0.01552EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago29 views

Academy LMS 6.0 - Cross-Site Scripting

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability through query parameter. id: CVE-2023-38964 info: name: Academy LMS 6.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Creative Item Academy LMS 6.0 was discovered to...

6.1CVSS6.2AI score0.01056EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago18 views

Tiempo.com <= 0.1.2 - Cross-Site Scripting

Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to stea...

6.1CVSS6.8AI score0.0085EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago34 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. id: CVE-2020-35984 info: name: Rukovoditel = 2.7.2 - Cross Site...

5.4CVSS6AI score0.01333EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago41 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.7AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS5.8AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago19 views

Rukovoditel <= 2.7.2 - Cross-Site Scripting

A stored cross site scripting XSS vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35987 info: name: Rukovoditel = 2.7.2 - Cross-Site...

5.4CVSS6AI score0.01339EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago40 views

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS6.2AI score0.03442EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago18 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.03319EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago43 views

Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. id: CVE-2016-10973 info: name: Brafton WordPress Plugin 3.4.8 - Cross-Site Scripting author: Harsh severity: medium description: | The Brafton plugin...

7.4CVSS6.4AI score0.0197EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago14 views

ETQ Reliance - Reflected XSS via SQLConverterServlet

A reflected cross-site scripting XSS vulnerability exists in ETQ Reliance CG legacy platform within the SQLConverterServlet component. This vulnerability requires user interaction, such as clicking a crafted link, and may result in execution of unauthorized scripts in the user's context. The...

5.1CVSS6AI score0.01891EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago59 views

AppServ Open Project <=2.5.10 - Cross-Site Scripting

AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...

4.3CVSS5.8AI score0.06232EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago25 views

WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 notify or 2 blog parameter. id: CVE-2013-2287 info: name: WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting...

4.3CVSS5.8AI score0.09165EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago40 views

Cherokee HTTPD <=0.5 - Cross-Site Scripting

Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...

4.3CVSS5.8AI score0.06643EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago36 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.03223EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago23 views

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...

6.1CVSS6.3AI score0.03271EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago33 views

Podcast Channels < 0.28 - Cross-Site Scripting

The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. id: CVE-2014-4544 info: name: Podcast Channels 0.28 - Cross-Site Scripting author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was...

6.1CVSS6.2AI score0.03779EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago27 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.4AI score0.03983EPSS
Exploits2References4
Rows per page
Query Builder