
354 matches found

CNNVD
added 2026/03/11 12:0 a.m., 6 views

weimai-wetapp SQL injection vulnerability

Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...

CVSS 5.8, AI score 5.9, EPSS 0.00202
Exploits: 0, References: 5

RedhatCVE
added 2026/02/21 7:29 p.m., 5 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, AI score 5.6, EPSS 0.00212
Exploits: 1, References: 1

OSV
added 2026/02/20 7:23 p.m., 5 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, AI score 5.9, EPSS 0.00212
Exploits: 1, References: 2

NVD
added 2026/02/20 7:23 p.m., 9 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, EPSS 0.00212
Exploits: 1, References: 2

Cvelist
added 2026/02/20 6:18 p.m., 25 views

CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, EPSS 0.00212
Exploits: 1, References: 2

CVE
added 2026/02/20 6:18 p.m., 12 views

CVE-2019-25445

Fiverr Clone Script 1.2.2 contains a cross-site scripting (XSS) vulnerability in the keyword parameter of search-results.php. Unauthenticated attackers can craft URLs with script tags in the keyword parameter to execute arbitrary JavaScript in users’ browsers. CVSS data provided: CVSS v4.0 base s...

CVSS 6.1, AI score 5.6, EPSS 0.00212
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/02/20 6:18 p.m., 6 views

CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, AI score 5.5, EPSS 0.00212
Exploits: 1, References: 2

CNNVD
added 2026/02/20 12:0 a.m., 10 views

Phpscriptsmall Fiverr Clone Script cross-site scripting vulnerability

Phpscriptsmall Fiverr Clone Script is a set of software scripts developed by Phpscriptsmall. The Phpscriptsmall Fiverr Clone Script 1.2.2 version contains a cross-site scripting vulnerability. This vulnerability stems from the keyword parameter being susceptible to cross-site scripting attacks,...

CVSS 6.1, AI score 5.9, EPSS 0.00212
Exploits: 1, References: 2

Positive Technologies
added 2026/02/20 12:0 a.m., 5 views

PT-2026-21284

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...

CVSS 6.1, AI score 5.5, EPSS 0.00212
Exploits: 1, References: 3

CNNVD
added 2026/02/20 12:0 a.m., 9 views

JeecgBoot SQL injection vulnerability

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “keyword” in the...

CVSS 8.8, AI score 6.7, EPSS 0.00361
Exploits: 1, References: 4

RedhatCVE
added 2026/02/19 7:28 a.m., 6 views

CVE-2026-1931

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...

CVSS 7.2, AI score 5.7, EPSS 0.00313
Exploits: 0, References: 1

Patchstack
added 2026/02/18 7:37 a.m., 6 views

WordPress Rent Fetch plugin <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability

Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability discovered by WordFence in WordPress Plugin Rent Fetch versions = 0.32.6...

CVSS 7.2, AI score 5.5, EPSS 0.00313
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/02/18 5:16 a.m., 5 views

CVE-2026-1931

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 5

NVD
added 2026/02/18 5:16 a.m., 4 views

CVE-2026-1931

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...

CVSS 7.2, EPSS 0.00313
Exploits: 0, References: 5

Vulnrichment
added 2026/02/18 4:35 a.m., 3 views

CVE-2026-1931 Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...

CVSS 7.2, AI score 5.7, EPSS 0.00313
Exploits: 0, References: 5

CVE
added 2026/02/18 4:35 a.m., 9 views

CVE-2026-1931

The affected software is the Rent Fetch plugin for WordPress. The CVE describes a Stored Cross‑Site Scripting flaw via the keyword parameter in all versions up to 0.32.4 caused by insufficient input sanitization and output escaping on user-supplied attributes. Unauthenticated attackers can inject...

CVSS 7.2, AI score 5.7, EPSS 0.00313
Exploits: 0, References: 5

Cvelist
added 2026/02/18 4:35 a.m., 23 views

CVE-2026-1931 Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter

The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...

CVSS 7.2, EPSS 0.00313
Exploits: 0, References: 5

Positive Technologies
added 2026/02/18 12:0 a.m., 6 views

PT-2026-20292

Name of the Vulnerable Software and Affected Versions: Rent Fetch plugin for WordPress versions up to and including 0.32.4. Description: The Rent Fetch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the keyword parameter. This is due to inadequate input sanitization and...

CVSS 7.2, AI score 5.7, EPSS 0.00313
Exploits: 0, References: 11

Positive Technologies
added 2026/02/03 12:0 a.m., 7 views

PT-2026-5957

Name of the Vulnerable Software and Affected Versions: TOTOLINK A950RG version 4.1.2cu.5204 B20210112. Description: A buffer overflow issue exists in the setParentalRules interface. The urlKeyword parameter does not undergo proper validation. The system concatenates multiple user-supplied values int...

CVSS 6.5, AI score 6.3, EPSS 0.00425
Exploits: 1, References: 3

CVE
added 2026/02/03 12:0 a.m., 9 views

CVE-2025-67189

CVE-2025-67189 affects TOTOLINK A950RG, specifically the setParentalRules interface where the urlKeyword parameter is not properly validated. The vulnerability arises from concatenating multiple user-supplied fields into a fixed-size stack buffer without boundary checks, enabling a remote attacke...

CVSS 6.5, AI score 6.3, EPSS 0.00425
Exploits: 1, References: 1, Affected Software: 1