Lucene search
K

59567 matches found

Nuclei
Nuclei
added 9 hours ago105 views

AppCMS - Cross-Site Scripting

AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. id: CVE-2021-45380 info: name: AppCMS - Cross-Site Scripting author: pikpikcu severity: medium description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inchead.php. impact: | Successfu...

6.1CVSS6.4AI score0.02542EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago109 views

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2CVSS6.3AI score0.01607EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago56 views

Admidio - Cross-Site Scripting

A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious...

8.8CVSS6.4AI score0.05784EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago80 views

WordPress Loco Translate < 2.6.1 - Cross-Site Scripting

Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vulnerability caused by improper removal of inline events from source translation strings, allowing authenticated users to inject arbitrary JavaScript payloads. id: CVE-2022-0765 info: name: WordPress Loco Transla...

5.4CVSS6.2AI score0.03932EPSS
Exploits4References3
Nuclei
Nuclei
added 9 hours ago17 views

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

5.4CVSS6.7AI score0.04132EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago137 views

Limit Login Attempts - Stored Cross-Site Scripting

Limit Login Attempts WordPress plugin 4.0.72 contains a stored cross-site scripting caused by unsanitized and unescaped settings, letting malicious administrators inject Javascript code, exploit requires administrator privileges. id: CVE-2022-1029 info: name: Limit Login Attempts - Stored...

4.8CVSS6AI score0.00848EPSS
Exploits2References1
Nuclei
Nuclei
added 9 hours ago56 views

Fortinet FortiOS < 5.6.0 - Cross-Site Scripting

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.5AI score0.10677EPSS
Exploits5References2
Nuclei
Nuclei
added 9 hours ago73 views

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. id: CVE-2024-3742 info: name: Electrolink FM/DAB/TV Transmitter controlloLogin.js - Credentials Disclosure author: Farish severity: high description: | Electrolink...

8.7CVSS6.1AI score0.0143EPSS
Exploits2References4
Nuclei
Nuclei
added 9 hours ago70 views

XWiki >= 3.4-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.4AI score0.02182EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago20 views

KodExplorer - Cross-Site Scripting

KodExplorer is susceptible to a reflected cross-site scripting XSS vulnerability in the file view functionality.The vulnerability exists in app/template/api/view.html where user-supplied input in the 'path' parameter is directly echoed without proper sanitization.This allows attackers to inject...

6.1CVSS6.4AI score0.00705EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago13 views

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

6.5CVSS7.2AI score0.00634EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago23 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.2AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago63 views

osTicket < v1.16.6 - Cross-Site Scripting

Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to v1.16.6. id: CVE-2023-1318 info: name: osTicket v1.16.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS - Generic in GitHub repository osticket/osticket prior to...

5.4CVSS6.2AI score0.01015EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago107 views

Adobe ColdFusion - Cross-Site Scripting

Adobe Coldfusion versions 2016 update 16 and earlier, 2018 update 10 and earlier and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code...

5.4CVSS6.7AI score0.37095EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago48 views

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

6.1CVSS6.4AI score0.04531EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago82 views

osTicket < 1.12.1 - Cross-Site Scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

6.1CVSS6.7AI score0.11687EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago45 views

WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting

WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. id: CVE-2017-17059 info: name: WordPress amtyThumb Posts 8.1.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress...

6.1CVSS6.4AI score0.03419EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago52 views

FineCMS <=5.0.10 - Cross-Site Scripting

FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. id: CVE-2017-11629 info: name: FineCMS =5.0.11 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.4AI score0.01937EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago81 views

Gryphon Tower - Cross-Site Scripting

Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/siteaccess/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the...

6.1CVSS6.4AI score0.02557EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Rows per page
Query Builder