Lucene search
+L

276 matches found

OSV
OSV
added 2023/02/07 11:15 p.m.3 views

CVE-2023-23026

Cross site scripting XSS vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the productname and productprice inputs in file print.php...

6.1CVSS6.5AI score0.00534EPSS
Exploits1References1
NVD
NVD
added 2023/01/26 9:15 p.m.22 views

CVE-2020-22327

An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information...

6.1CVSS6.1AI score0.00551EPSS
Exploits1References1
OSV
OSV
added 2023/01/20 5:15 p.m.7 views

CVE-2021-26644

SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running...

9.8CVSS6.4AI score0.00891EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.5 views

Sewio Real-Time Location System (RTLS) Studio 操作系统命令注入漏洞

Sewio Real-Time Location System RTLS Studio is a real-time location system from Sewio, Inc. An operating system command injection vulnerability exists in Sewio Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2, which originates from not properly validating an input module name to...

9.1CVSS7.4AI score0.01236EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/07 12:0 a.m.3 views

Event Management System 跨站脚本漏洞

Event Management System is an event management system. A cross-site scripting XSS vulnerability exists in SourceCodester Royale Event Management System version 1.0, which originates from an unknown function in the file /royalevent/companyprofile.php, where manipulation of the parameters...

6.1CVSS3.9AI score0.00657EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/12/30 12:0 a.m.5 views

TRENDnet TEW-755AP 缓冲区错误漏洞

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the loginname parameter of the dographauth sub4061E0 function, which can be exploited by an attacker to execute arbitrary...

9.8CVSS7.9AI score0.00873EPSS
Exploits1References2
Huntr
Huntr
added 2022/12/19 4:3 p.m.19 views

Stored XSS in admin panel (users page)

Description Stored XSS in admin panel in users page via inject XSS payload in Name input field by any user to affect the admin panel Proof of Concept https://drive.google.com/file/d/1EsYq3R6GRAdEbpZxp2RwQwGr4G8fJGB7/view?usp=sharing...

4.9CVSS5.2AI score0.00487EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.3 views

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.

...

7.8CVSS7.7AI score0.0063EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/10/18 12:0 a.m.12 views

PT-2022-22980 · Unknown · Sourcecodester Simple Cold Storage Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Cold Storage Management System version 1.0 Description: A vulnerability was found in the My Account component, where the manipulation of the First Name argument leads to cross-site scripting. The attack can be launched...

5.4CVSS5.2AI score0.00459EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.5 views

Liferay DXP 跨站脚本漏洞

Liferay DXP is a digital experience collaboration platform from Liferay, Inc. A security vulnerability exists in Liferay DXP version 7.3.10 SP3, Liferay Portal versions 7.3.0 through 7.4.0, which originates from a vulnerability that could allow a remote attacker to inject arbitrary JS script or...

5.4CVSS5.9AI score0.00535EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2022/10/06 12:0 a.m.9 views

The vulnerability of the router.php implementation of the POST Parameter Handler in the Food Ordering Management System allows a perpetrator to execute arbitrary SQL code.

The vulnerability in the implementation of the router.php script of the POST Parameter Handler component of the Food Ordering Management System’s control system is related to insufficient cleaning of special elements during the processing of the user name parameter. Exploiting this vulnerability...

6.5CVSS8.2AI score0.00593EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/09/19 12:0 a.m.5 views

Tenda AC21 缓冲区错误漏洞

Tenda AC21 is a wireless router from Tenda China. Tenda AC21 version V16.03.08.15 contains a buffer overflow vulnerability, which originates from the lack of length checking of the formSetDeviceName function in /bin/httpd for input data, and can be exploited to cause httpd to restart via the...

7.5CVSS7.4AI score0.00857EPSS
Exploits1References2
OSV
OSV
added 2022/05/24 7:18 p.m.63 views

GHSA-CV24-VH45-4HJM Foxlor cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...

5.4CVSS5.4AI score0.00576EPSS
Exploits1References3
OSV
OSV
added 2022/05/16 2:32 p.m.22 views

CVE-2022-1718 The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service DoS via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service...

7.2CVSS7AI score0.01007EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:28 a.m.26 views

SQL Injection in Zenario 7.1-7.6

Zenario v7.1 - v7.6 has SQL injection via the Name input field of organizer.php or adminboxes.ajax.php in the Categories - Edit module...

8.8CVSS8.1AI score0.00934EPSS
Exploits4References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.6 views

The vulnerability of the ChgSambaUserSettings() function implementation in D-Link DIR-823-Pro wireless router software allows a hacker to execute arbitrary commands.

The vulnerability of the ChgSambaUserSettings function in the microprogramming software for D-Link DIR-823-Pro wireless routers is related to insufficient cleaning of input data during the processing of the sambaname parameter. Exploiting this vulnerability allows a remote attacker to execute...

10CVSS8.1AI score0.03818EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/12/06 4:15 p.m.4 views

CVE-2021-24930

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...

5.4CVSS6.1AI score0.00604EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2021/11/15 12:0 a.m.11 views

The vulnerability in the software web interface of F-Secure Internet Gatekeeper allows a hacker to trigger a service failure.

The vulnerability of the F-Secure Internet Gatekeeper software’s web interface relates to the use of the assert function or similar operators when processing user name parameters. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending a specially crafted HT...

5.5CVSS7.2AI score0.00588EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/10/25 3:15 p.m.17 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4CVSS0.00596EPSS
Exploits1References1
OSV
OSV
added 2021/10/25 3:15 p.m.6 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder