Lucene search
K

38 matches found

OSV
OSV
added 2022/12/07 2:15 p.m.3 views

CVE-2022-45217

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

5.4CVSS5.9AI score0.00548EPSS
Exploits1References2
Prion
Prion
added 2022/12/07 2:15 p.m.17 views

Cross site scripting

A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...

4.9CVSS5.3AI score0.00548EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/12/07 12:0 a.m.2 views

Book Store Management System 跨站脚本漏洞

Book Store Management System is an online bookstore system by Carlo Montero Personal Developer. A security vulnerability exists in Book Store Management System v1.0.0. An attacker can exploit this vulnerability by injecting a specially crafted payload into the Level parameter under the Add New...

5.4CVSS6.2AI score0.00548EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.4 views

Jenkins Promoted Builds (Simple) Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS5.4AI score0.00715EPSS
Exploits0References3
OSV
OSV
added 2022/02/16 12:8 a.m.2 views

GHSA-673J-QM5F-XPV8 pgjdbc Arbitrary File Write Vulnerability

Overview The connection properties for configuring a pgjdbc connection are not meant to be exposed to an unauthenticated attacker. While allowing an attacker to specify arbitrary connection properties could lead to a compromise of a system, that's a defect of an application that allows...

9.8CVSS7.3AI score0.02928EPSS
Exploits0References3
Prion
Prion
added 2019/05/15 8:29 p.m.9 views

Authentication flaw

The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze securitylevel field...

5CVSS7.7AI score0.0214EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/02/04 7:29 p.m.4 views

UBUNTU-CVE-2019-7339

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...

6.1CVSS7AI score0.00874EPSS
Exploits1References3
OSV
OSV
added 2019/02/04 7:29 p.m.3 views

DEBIAN-CVE-2019-7339

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...

6.1CVSS8.2AI score0.00874EPSS
Exploits1References1
NVD
NVD
added 2017/03/12 5:59 a.m.17 views

CVE-2017-6823

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action...

8.8CVSS8.5AI score0.08041EPSS
Exploits2References3
Prion
Prion
added 2017/03/12 5:59 a.m.13 views

Design/Logic Flaw

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action...

6.5CVSS8.4AI score0.08041EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2017/03/12 4:57 a.m.64 views

CVE-2017-6823

CVE-2017-6823 affects Fiyo CMS 2.0.6.1. A remote authenticated user can gain privileges by manipulating the level parameter in dapur/ (app=user&act=edit), abusing the system’s user-group handling to escalate access. Exploit references exist (Exploit-DB, PRION). No patch details are provided in th...

8.8CVSS8.4AI score0.08041EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2017/03/12 12:0 a.m.2 views

SQL Injection Vulnerability in Webservice of Wando ezOFFICE Collaboration Office System

Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A SQL injection vulnerability exists in the Wando ezOFFICE Collaborative Office System webservice. The lack of filtering of the 'SOAP unitLevel' parameter allows attackers to exploit the...

7.6AI score
Exploits0
UbuntuCve
UbuntuCve
added 2012/11/21 12:0 a.m.35 views

CVE-2012-5833

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, which allows remote attackers to execute...

9.3CVSS7.4AI score0.0483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2011/10/09 12:0 a.m.4 views

PT-2011-1866 · Php Fusion · Php-Fusion

Name of the Vulnerable Software and Affected Versions: PHP-Fusion affected versions not specified Description: A directory traversal issue in maincore.php allows remote attackers to include and execute arbitrary local files via a .. dot dot in the folder level parameter. This issue has been...

10CVSS7.5AI score0.16398EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2007/10/05 12:0 a.m.6 views

PT-2007-6317 · Ossigeno · Ossigeno Cms

Name of the Vulnerable Software and Affected Versions: Ossigeno CMS version 2.2 alpha3 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the level parameter in the upload/common/footer.php file. Recommendations: For Ossigeno CMS version 2.2 alpha3, consider...

7.5CVSS7.2AI score0.42308EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2007/09/26 11:17 p.m.20 views

CVE-2007-5109

Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...

4.3CVSS6.1AI score0.00556EPSS
Exploits0References1
NVD
NVD
added 2007/09/26 11:17 p.m.18 views

CVE-2007-5109

Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...

4.3CVSS7.4AI score0.00556EPSS
Exploits0References5
OSV
OSV
added 2007/09/26 11:17 p.m.3 views

UBUNTU-CVE-2007-5109

Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...

4.3CVSS6AI score0.00556EPSS
Exploits0References2
Rows per page
Query Builder