Joomla! Component Music Collection 3.0.3 - SQL Injection
Exploit Title: Joomla! Component Music Collection 3.0.3 - SQL Injection
Dork: N/A
Date: 2018-09-24
Vendor Homepage: http://joomlathat.com/
Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/music-collection/
Version: 3.0.3
Category: Webapps
Tested on:...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
CVE-2018-17003
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert...
CVE-2018-16820
Monstra CMS 3.0.4 is affected by a directory-traversal in admin/index.php, exploitable via id=filesmanager&path=uploads/… requests to list arbitrary directories. Root cause is improper handling of the path parameter that enables traversal. Impact per NVD: High (CVSSv3 7.5) for confidentiality los...
CVE-2018-17034
UCMS 1.4.6 has XSS via the install/index.php mysql_dbname parameter...
CVE-2018-17035
The vulnerability CVE-2018-17035 affects UCMS 1.4.6, where an SQL injection can occur during installation via the install/index.php mysql_dbname parameter. Affected component is UCMS (PHP-based CMS); root cause is unsafely handled mysql_dbname input during setup, enabling potential SQL command ex...
CVE-2018-17034
UCMS 1.4.6 contains a Cross-Site Scripting (XSS) vulnerability controllable via the mysql_dbname parameter in install/index.php. Multiple connected sources (NVD entry CVE-2018-17034 and CNVD/CVE listings) confirm an XSS flaw capable of injecting arbitrary scripts/HTML in affected users’ browsers....
CVE-2018-17036
An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2018-17024
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action...
CVE-2018-17025
CVE-2018-17025 affects Monstra CMS 3.0.4. The issue is an XSS in admin/index.php via the page_meta_title parameter in an edit_page action for pages with no special role. Documented impact is XSS; no exploitation details are provided in the sources. CVSS scores listed: CVSS v2 base 4.3 (Medium) an...
CVE-2018-16728
feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new...
mrklingo.freeshell.org XSS vulnerability
Open Bug Bounty ID: OBB-675088

Description | Value
---|---
Affected Website: | mrklingo.freeshell.org
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Arbitrary file deletion
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete...
CVE-2018-16774
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete...
SQL injection
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request...
CVE-2018-16724
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request...