37 matches found

Cvelist
added 2024/04/17 12:00 a.m., 23 views

CVE-2024-32746

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the MENU parameter under the Menu module...

AI score 5.7 | EPSS 0.00454
Exploits: 1 | References: 1

WPVulnDB
added 2023/11/14 12:00 a.m., 20 views

Webpushr < 4.35.0 - LFI via CSRF

Description: The plugin does not have a CSRF check in its wppsavesettings function and does not validate the menu parameter, allowing attackers to make logged-in users (admins) perform LFI attacks via CSRF...

CVSS 8.8 | AI score 7 | EPSS 0.00316
Exploits: 0 | Affected Software: 1

CNNVD
added 2023/10/25 12:00 a.m., 2 views

WordPress Plugin Advanced Menu Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 | AI score 5.9 | EPSS 0.00352
Exploits: 0 | References: 3

CNNVD
added 2021/08/18 12:00 a.m., 4 views

D-Link DAP-2020 Security Vulnerability

The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 has a stack buffer overflow vulnerability caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...

CVSS 8.8 | AI score 6.7 | EPSS 0.00794
Exploits: 0 | References: 4

NVD
added 2020/05/06 7:15 p.m., 11 views

CVE-2020-12669

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...

CVSS 8.8 | AI score 8.2 | EPSS 0.01955
Exploits: 0 | References: 2

OSV
added 2020/05/06 7:15 p.m., 15 views

CVE-2020-12669

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 2

OSV
added 2020/05/06 7:15 p.m., 1 view

UBUNTU-CVE-2020-12669

core/getmenudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter...

CVSS 8.8 | AI score 7.3 | EPSS 0.01955
Exploits: 0 | References: 4

CNVD
added 2019/01/03 12:00 a.m., 2 views

Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2019-00386)

Cagintranet Networks GetSimple CMS is an XML-based content management system (CMS) from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS...

CVSS 5.4 | AI score 6.3 | EPSS 0.0057
Exploits: 1 | References: 1

CNVD
added 2017/10/31 12:00 a.m., 3 views

Zomato Clone Script SQL Injection Vulnerability

Zomato Clone Script is a clone script. A SQL injection vulnerability exists in the restaurant-menu.php resid parameter of Zomato Clone Script, which can be exploited by an attacker to access or modify database data...

CVSS 9.8 | AI score 8.1 | EPSS 0.02652
Exploits: 5 | References: 1

Openbugbounty
added 2017/07/04 11:20 a.m., 10 views

parcol.com XSS vulnerability

Vulnerable URL: http://parcol.com/index.asp?menu=1"...

AI score 6.9
Exploits: 0

Prion
added 2012/12/19 11:55 a.m., 12 views

SQL injection

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter...

CVSS 6.5 | AI score 8.4 | EPSS 0.0331
Exploits: 4 | References: 3 | Affected Software: 1

NVD
added 2009/07/05 4:30 p.m., 20 views

CVE-2009-2330

Cross-site scripting (XSS) vulnerability in admin/adminmenu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter...

CVSS 4.3 | AI score 5.7 | EPSS 0.02331
Exploits: 0 | References: 2

Prion
added 2009/03/02 4:30 p.m., 13 views

SQL injection

SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter...

CVSS 7.5 | AI score 9.1 | EPSS 0.00973
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2007/04/10 11:19 p.m., 15 views

Directory traversal

Directory traversal vulnerability in index.php in witshare 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the menu parameter...

CVSS 7.5 | AI score 7.6 | EPSS 0.02938
Exploits: 0 | References: 6 | Affected Software: 1

0day.today
added 2007/04/08 12:00 a.m., 20 views

WitShare 0.9 (index.php menu) Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications. WitShare 0.9 index.php menu Local File Inclusion Vulnerability...

AI score 7.1
Exploits: 0

Positive Technologies
added 2006/12/26 12:00 a.m., 4 views

PT-2006-7341 · Unknown · Phpprofiles

Name of the Vulnerable Software and Affected Versions: phpProfiles versions 3.1.2b and earlier. Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter to various PHP files, including "include/body.inc.php" and "include/body admin.inc.php", or a...

CVSS 7.5 | AI score 7.4 | EPSS 0.091
Exploits: 1 | References: 22

Cvelist
added 2006/06/22 10:00 p.m., 13 views

CVE-2006-3151

Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter...

AI score 5.7 | EPSS 0.01845
Exploits: 0 | References: 6