Lucene search
K

198 matches found

OSV
OSV
added 2023/05/30 10:15 p.m.3 views

CVE-2023-33734

BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...

9.8CVSS5.8AI score0.00752EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/30 12:0 a.m.9 views

CVE-2023-33734

BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...

8.3AI score0.00752EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.5 views

BlueCMS SQL注入漏洞

BlueCMS is a content management system CMS based on PHP and MySQL. A security vulnerability exists in BlueCMS v1.6, which can be exploited for SQL injection via the keywords parameter in search.php...

9.8CVSS8.7AI score0.00752EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.6 views

PT-2023-24462 · Bluecms · Bluecms

Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6 Description: A SQL injection issue was found in BlueCMS via the keywords parameter at the "search.php" endpoint. Recommendations: For BlueCMS version 1.6, avoid using the keywords parameter in the "search.php" endpoint unt...

9.8CVSS8.3AI score0.00752EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/05/30 12:0 a.m.22 views

CVE-2023-33734

BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php...

10AI score0.00752EPSS
Exploits1References1
OSV
OSV
added 2023/04/04 6:15 p.m.7 views

CVE-2023-27091

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...

7.2CVSS5.8AI score0.00702EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/04/04 12:0 a.m.11 views

CVE-2023-27091

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...

7.1AI score0.00702EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.22 views

CVE-2023-27091

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameters...

7.3AI score0.00702EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

XiaoBingby TeaCMS 授权问题漏洞

XiaoBingBy TeaCMS is a blog system by xiaobingby personal developer. A security vulnerability exists in XiaoBingby TeaCMS 2.3.3, which stems from an unauthorized access issue in the system that can be exploited by an attacker to elevate privileges via the id and keywords parameters...

7.2CVSS7AI score0.00702EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/03 12:0 a.m.5 views

Zhongbang CRMEB SQL注入漏洞

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. Zhong Bang CRMEB Java version 1.3.4 suffers from a SQL injection vulnerability, which stems from the operation of the parameter keywords can lead to sql injection...

7.2CVSS6.3AI score0.00763EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/03/03 12:0 a.m.3 views

PT-2023-16793 · Zhong Bang · Zhong Bang Crmeb Java

Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java version 1.3.4 Description: A critical issue has been found, affecting the /api/admin/system/store/order/list endpoint. The manipulation of the keywords argument leads to SQL injection. The exploit has been disclosed to t...

7.2CVSS6.3AI score0.00763EPSS
Exploits1References6
OSV
OSV
added 2022/12/05 11:15 p.m.12 views

CVE-2022-45019

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...

7.5CVSS8.2AI score
Exploits0References1
NVD
NVD
added 2022/12/05 11:15 p.m.14 views

CVE-2022-45019

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...

7.5CVSS0.00751EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.4 views

SLiM SQL注入漏洞

SLiM Simple Login Manager is a simple, lightweight and easy to configure login manager. A security vulnerability exists in SLiM 9 Bulian v9.5.0, which originates from SQL injection via the keywords parameter...

7.5CVSS7.6AI score0.00751EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/05 12:0 a.m.21 views

CVE-2022-45019

SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter...

8AI score0.00751EPSS
Exploits1References1
Snyk
Snyk
added 2022/05/24 7:10 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the keywords parameter in the management toolbar search. An attacker can execute arbitrary web scripts or inject HTML by supplying crafted input. Details Cross-site scripting or XSS is a code vulnerability...

6.1CVSS5.4AI score0.0075EPSS
Exploits0References2
OSV
OSV
added 2022/03/04 12:0 a.m.1 views

GHSA-9536-M86R-Q297 Liferay Portal vulnerable to cross-site scripting (XSS) via the keywords parameter

Liferay Portal v7.4.1 and below was discovered to contain a cross-site scripting XSS vulnerability via the keywords parameter under the Frontend Taglib module before 7.1.15...

6.1CVSS6AI score0.00721EPSS
Exploits0References4
Prion
Prion
added 2022/03/03 12:15 a.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...

4.3CVSS6AI score0.0075EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/02 11:6 p.m.33 views

CVE-2021-38264

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...

6.2AI score0.00721EPSS
Exploits0References1
CVE
CVE
added 2022/03/02 11:6 p.m.98 views

CVE-2021-38264

CVE-2021-38264 affects Liferay Portal’s Frontend Taglib module in versions 7.4.0 and 7.4.1 , enabling XSS via the management toolbar search keywords parameter . The issue stems from an incomplete fix in CVE-2021-35463. The Connected documents confirm the affected product/version and the underlyin...

6.1CVSS6AI score0.00721EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder