Lucene search
+L

34 matches found

OSV
OSV
added 2023/03/19 8:15 p.m.6 views

CVE-2023-1500

A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument aboutinfo leads to cross site scripting. The attack may be launched...

6.1CVSS3.9AI score0.00519EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/19 12:0 a.m.6 views

PT-2023-17036 · Code Projects · Code-Projects Simple Art Gallery

Name of the Vulnerable Software and Affected Versions: code-projects Simple Art Gallery version 1.0 Description: A problematic issue has been found in the file adminHome.php, where the manipulation of the about info argument leads to cross site scripting. The attack can be launched remotely...

6.1CVSS6.4AI score0.00519EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/03/20 12:0 a.m.12 views

PT-2022-17318

Name of the Vulnerable Software and Affected Versions: ThinkPHP Framework version 5.0.24 Description: The ThinkPHP Framework was discovered to be configured without the PATHINFO parameter, allowing attackers to access all system environment parameters from index.php. It is noted that this issue i...

7.5CVSS7.6AI score0.04748EPSS
Exploits1References9
Prion
Prion
added 2022/01/24 8:15 p.m.18 views

Cross site scripting

ShortDescription is a MediaWiki extension that provides local short description support. A cross-site scripting XSS vulnerability exists in versions prior to 2.3.4. On a wiki that has the ShortDescription enabled, XSS can be triggered on any page or the page with the action=info parameter, which...

4.3CVSS5.8AI score0.01EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/10/15 12:0 a.m.3 views

Mitsubishi Electric smartRTU 跨站脚本漏洞

The Mitsubishi Electric smartRTU is an intelligent Remote Terminal Unit RTU from Mitsubishi Electric Japan. A cross-site scripting vulnerability exists in the Mitsubishi Electric SmartRTU device that stems from the lack of valid validation and escaping of the username and PATHINFO parameters in t...

6.1CVSS5.9AI score0.04032EPSS
Exploits4References4
Prion
Prion
added 2020/10/05 12:15 p.m.17 views

Unrestricted file upload

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. This can occur during creation of a ticket, project, or task...

3.5CVSS5.3AI score0.00849EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/09/14 4:15 p.m.2 views

CVE-2019-16311

NIUSHOP V1.11 has CSRF via searchinfo to index.php...

8.8CVSS7.3AI score0.00603EPSS
Exploits1References1
OSV
OSV
added 2018/12/26 3:29 a.m.5 views

CVE-2018-20479

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wapindex.php?type=newsinfo Sid parameter...

9.8CVSS5.8AI score0.01135EPSS
Exploits1References1
OSV
OSV
added 2018/06/11 11:29 a.m.1 views

CVE-2018-12095

A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php...

5.4CVSS5.7AI score0.05634EPSS
Exploits5References2
CNVD
CNVD
added 2015/01/06 12:0 a.m.5 views

Social Microblogging PRO Cross-Site Scripting Vulnerability

Social Microblogging PRO is a social microblogging. A cross-site scripting vulnerability in Social Microblogging PRO version 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to the default URL...

4.3CVSS6AI score0.01465EPSS
Exploits1References1
NVD
NVD
added 2011/06/09 7:55 p.m.25 views

CVE-2011-1706

Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url...

9.3CVSS7.9AI score0.05869EPSS
Exploits0References8
CVE
CVE
added 2006/06/13 1:0 a.m.42 views

CVE-2006-2989

ASP ListPics 4.3 and earlier contains a Cross-site scripting (XSS) flaw in listpics.asp that can be exploited by supplying an info parameter value. The vulnerability allows remote attackers to inject arbitrary web script or HTML. Affected component: listpics.asp in ASP ListPics 4.3 and earlier. R...

4.3CVSS5.9AI score0.0118EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2006/06/13 1:0 a.m.19 views

CVE-2006-2989

Cross-site scripting XSS vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter...

5.7AI score0.0118EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2002/08/27 1:58 p.m.8 views

security flaw

Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...

7.5CVSS5.9AI score0.06105EPSS
Exploits1References4
Rows per page
Query Builder