Lucene search
K

217 matches found

NVD
NVD
added 2015/02/25 10:59 p.m.24 views

CVE-2015-2083

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

6.8CVSS7AI score0.00641EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2015/02/25 10:59 p.m.3 views

CVE-2015-2083

Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...

6.8CVSS5.6AI score0.00641EPSS
Exploits1References3
Drupal
Drupal
added 2015/01/14 12:0 a.m.22 views

SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported

This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to edit profile fields. CVE identifiers issued CVE-2015-3365...

3.5CVSS6AI score0.00954EPSS
Exploits0References8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

CustomCMS Persistent XSS Vulnerability

No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://customcms.net/ Price:55$ Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...

7.1AI score
Exploits0
NVD
NVD
added 2007/10/18 8:17 p.m.13 views

CVE-2007-5564

Multiple cross-site scripting XSS vulnerabilities in NSSboard formerly Simple PHP Forum 6.1 allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags when BBcode is disabled; or the 2 user, 3 email, or 4 Real Name fields in a profile...

2.6CVSS5.8AI score0.01028EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/10/18 8:0 p.m.18 views

CVE-2007-5564

Multiple cross-site scripting XSS vulnerabilities in NSSboard formerly Simple PHP Forum 6.1 allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags when BBcode is disabled; or the 2 user, 3 email, or 4 Real Name fields in a profile...

5.8AI score0.01028EPSS
Exploits0References4
Cvelist
Cvelist
added 2007/09/17 5:0 p.m.20 views

CVE-2007-4912

Cross-site scripting XSS vulnerability in ipskernel/classajax.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8...

5.6AI score0.01065EPSS
Exploits0References5
NVD
NVD
added 2007/02/24 1:28 a.m.14 views

CVE-2006-7059

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...

4.3CVSS5.8AI score0.01107EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/02/24 1:0 a.m.19 views

CVE-2006-7059

Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...

5.8AI score0.01107EPSS
Exploits1References5
Cvelist
Cvelist
added 2007/02/15 2:0 a.m.19 views

CVE-2006-7023

Multiple cross-site scripting XSS vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via 1 the search box, and the 2 url, 3 website, 4 comment, and 5 signature fields in the profile, and possibly 6 a menu item...

6AI score0.01065EPSS
Exploits0References5
NVD
NVD
added 2006/12/29 11:28 a.m.17 views

CVE-2006-6820

myprofile.asp in Enthrallweb eCoupons does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

3.5CVSS6.2AI score0.01662EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/12/29 11:0 a.m.22 views

CVE-2006-6821

myprofile.asp in Enthrallweb eNews does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

6.2AI score0.01662EPSS
Exploits0References4
Cvelist
Cvelist
added 2006/12/29 11:0 a.m.19 views

CVE-2006-6822

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...

6.2AI score0.01652EPSS
Exploits0References3
NVD
NVD
added 2006/06/30 11:5 p.m.17 views

CVE-2006-3327

Cross-site scripting XSS vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 sn20specialcases parameter "Special Cases" field in profile/mini.php, 2 tyxx01albumname parameter "Album Name" field in profile/photocreate.php, a...

4.3CVSS5.7AI score0.01275EPSS
Exploits0References6
NVD
NVD
added 2006/04/18 10:2 a.m.14 views

CVE-2006-1810

Multiple cross-site scripting XSS vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the 1 ICQ, 2 AIM, 3 MSN, 4 Google Talk, 5 Website Name, 6 Website Address, 7 Email Address, 8 Location, 9 Signature, and 10 Sub-Titles fields in the user profil...

1.9CVSS5.8AI score0.00433EPSS
Exploits0References2
NVD
NVD
added 2004/08/16 4:0 a.m.21 views

CVE-2004-1716

Cross-site scripting XSS vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the 1 IRC Server or 2 AIM ID fields in the user profile...

6.8CVSS5.7AI score0.0235EPSS
Exploits1References7
exploitpack
exploitpack
added 2002/08/24 12:0 a.m.13 views

PHPReactor 1.2.7 - Style Attribute HTML Injection

PHPReactor 1.2.7 - Style Attribute HTML Injection source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields...

0.1AI score
Exploits0
Rows per page
Query Builder