CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

XBMC version 11.0 contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the server fails to properly sanitize URI input, allowing authenticated users to request files outside the intended document root. An attacker can exploit this flaw ...

7.1CVSS5.9AI score0.6478EPSS

Exploits0References6

Packet Storm•added 2024/08/31 12:0 a.m.•175 views

MS15-134 Microsoft Windows Media Center MCL Information Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'MS15-134 Microsoft Windows Media Center MCL Information Disclosure', 'Description' = %q This module exploits a vulnerability found ...

4.3CVSS7.4AI score0.72017EPSS

Exploits7

Packet Storm•added 2024/02/21 12:0 a.m.•304 views

OpenOLAT 18.1.5 Cross Site Scripting / Privilege Escalation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: OpenOLAT Frentix GmbH vulnerable version: = 18.1.4 and = 18.1.5 fixed version: 18.1.6 / 18.2 CVE number:...

7.4AI score0.00226EPSS

Exploits4

OSV•added 2024/02/20 8:15 a.m.•3 views

CVE-2024-25974

The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting XSS vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 or lower as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing a...

5.4CVSS4.9AI score

Exploits0References2

NVD•added 2024/02/20 8:15 a.m.•7 views

CVE-2024-25974

5.4CVSS4.8AI score0.00226EPSS

Exploits3References2

Prion•added 2024/02/20 8:15 a.m.•15 views

Cross site scripting

5.1AI score0.00226EPSS

Exploits3References2

Vulnrichment•added 2024/02/20 8:2 a.m.•8 views

CVE-2024-25974 Stored Cross-Site Scripting (XSS) within the Media Center

5AI score0.00226EPSS

Exploits3References2

Cvelist•added 2024/02/20 8:2 a.m.•15 views

CVE-2024-25974 Stored Cross-Site Scripting (XSS) within the Media Center

4.9AI score0.00226EPSS

Exploits3References2

Positive Technologies•added 2024/02/20 12:0 a.m.•3 views

PT-2024-21248 · Openolat · Openolat

Name of the Vulnerable Software and Affected Versions: OpenOlat versions 18.1.5 and lower Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It allows authenticated users to upload files within the Media Center without additional rights. Although file types are limited, an...

5.4CVSS5.2AI score0.00226EPSS

Exploits3References8

CNNVD•added 2024/02/20 12:0 a.m.•1 views

OpenOLAT Cross-Site Scripting Vulnerability

OpenOLAT is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a Learning Management System. A cross-site scripting vulnerability exists in OpenOLAT that stems from allowing files to be uploaded within the Media Center without any other privileges...

5.4CVSS6.2AI score0.00226EPSS

Exploits3References4

OSV•added 2022/06/15 10:15 p.m.•0 views

CVE-2022-30135

Windows Media Center Elevation of Privilege Vulnerability...

7.8CVSS7.2AI score0.00343EPSS

Exploits0References2

ATTACKERKB•added 2022/06/15 10:15 p.m.•0 views

CVE-2022-30135

Windows Media Center Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00343EPSS

Exploits0References3Affected Software9