50 matches found
FUEL CMS SQL Injection Vulnerability
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.1 suffers from a SQL injection vulnerability that can be exploited by an attacker via the layout, published or searchterm parameters of pages/items...
CVE-2018-16762
FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or searchterm parameter to pages/items...
Design/Logic Flaw
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layoutname parameter, aka Edit Layout...
CVE-2013-4888
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page...
CVE-2013-4888
CVE-2013-4888 (Digital Signage Xibo 1.4.2) is a documented XSS in index.php via the layout parameter on the layout page; CVE-2013-4889 describes CSRF that can hijack admin actions (e.g., AddUser) and, as noted, can enable XSS through the same page. Exploitation details are present (e.g., CSRF exp...
PT-2014-2877
Name of the Vulnerable Software and Affected Versions: Digital Signage Xibo version 1.4.2. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. This could potentially lead to unauthorized...
Directory traversal
Directory traversal vulnerability in index.php in SkaDate Dating allows remote attackers to read arbitrary files via a .. (dot dot) in the layout parameter...