Lucene search
K

46 matches found

Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.8 views

PT-2023-24701 · Huawei · Hms Core

Name of the Vulnerable Software and Affected Versions: HMS Core affected versions not specified Description: The issue is related to a version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and lead ...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/19 12:0 a.m.11 views

CVE-2023-34162

Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...

6.8AI score0.00437EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.4 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that originates from a version upgrade judgment vulnerability in the user profile module, which can be exploite...

7.5CVSS7.3AI score0.00437EPSS
Exploits0References3
NVD
NVD
added 2022/03/29 6:15 a.m.22 views

CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

5.4CVSS0.00921EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/03/29 5:50 a.m.8 views

CVE-2022-1087 htmly Edit Profile Module cross site scripting

A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

3.5CVSS5.5AI score0.00921EPSS
Exploits1References3
CVE
CVE
added 2022/03/29 5:50 a.m.71 views

CVE-2022-1087

CVE-2022-1087 affects htmly 5.3, specifically the Edit Profile Module. The vulnerability enables persistent cross-site scripting by manipulating the Title field with script tags. Exploitation is remote and requires authentication; a POC has been publicly disclosed. Multiple connected sources corr...

5.4CVSS4.5AI score0.00921EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.4 views

htmly 跨站脚本漏洞

HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in the Edit Profile Module of htmly version 5.3, which can lead to persistent cross-site scripting attacks...

5.4CVSS5.4AI score0.00921EPSS
Exploits1References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/08/02 7:42 a.m.4 views

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1782 Cross-site scripting vulnerability in Scheduler CWE-79 - CVE-2021-20753 CyVDB-2029 Improper input validation vulnerability in Workflow CWE-20 - CVE-2021-20754 CyVDB-2071 Viewing restrictions...

8CVSS6.5AI score0.00993EPSS
Exploits0References52
OSV
OSV
added 2021/07/23 6:15 p.m.3 views

CVE-2021-25791

Multiple stored cross site scripting XSS vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields...

5.4CVSS5.6AI score0.02535EPSS
Exploits3References3
CVE
CVE
added 2021/07/23 5:44 p.m.110 views

CVE-2021-25791

CVE-2021-25791 affects Online Doctor Appointment System 1.0 and describes multiple stored XSS in the Update Profile module. Vulnerable component: First Name, Last Name, and Address fields where user input is stored and later rendered. Impact: authenticated users can execute arbitrary web scripts ...

5.4CVSS5.5AI score0.02535EPSS
Exploits3References3Affected Software1
CNNVD
CNNVD
added 2021/07/23 12:0 a.m.7 views

Online Doctor Appointment System 跨站脚本漏洞

Online Doctor Appointment System is an online doctor appointment system developed using PHP, JavaScript and CSS. A cross-site scripting vulnerability exists in Online Doctor Appointment System 1.0 that allows an authenticated attacker to execute arbitrary web script or HTML via a crafted payload ...

5.4CVSS5.7AI score0.02535EPSS
Exploits3References4
CNNVD
CNNVD
added 2021/03/11 12:0 a.m.5 views

ImpressCMS 跨站脚本漏洞

ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums and photo albums. A cross-site scripting vulnerability exists in ImpressCMS profile version 1.4.2, which stems from a Display Name field that is not validly filtered for inpu...

5.4CVSS5.4AI score0.00867EPSS
Exploits1References3
0day.today
0day.today
added 2020/05/19 12:0 a.m.51 views

forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link:...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/05/18 12:0 a.m.163 views

Forma.LMS The E-Learning Suite 2.3.0.2 Cross Site Scripting

Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting Date: 2020-05-15 Exploit Author: Daniel Ortiz Vendor Homepage: https://sourceforge.net/projects/forma/ Software link: https://sourceforge.net/projects/forma/files/latest/download Tested on: XAMPP for Linux 64b...

7.4AI score
Exploits0
OSV
OSV
added 2020/02/19 5:22 p.m.2 views

DRUPAL-CONTRIB-2020-004

The Profile module enables you to allow users to have configurable user profiles. The module doesn't sufficiently check access when creating a user profile. Users with the "create profiles" permission could create profiles for any users...

6.6AI score
Exploits0References1
OSV
OSV
added 2017/08/02 5:29 a.m.13 views

CVE-2017-12138

XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter...

6.1CVSS6.6AI score
Exploits0References2
CNVD
CNVD
added 2017/08/02 12:0 a.m.3 views

XOOPS Core /modules/profile/index.php redirection vulnerability

XOOPS is XOOPS team development and maintenance of a set of open source PHP and MySQL based content management system . XOOPS /modules/profile/index.php file has a redirection vulnerability that allows attackers to construct malicious URIs, entice users to parse, redirect users to any WEB site fo...

6.1CVSS6.7AI score0.03406EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/19 12:0 a.m.3 views

Drupal UC Profile Module Information Disclosure Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.UC Profile is one of the modules used to create and configure user profiles and files. An information disclosure vulnerability exists in the Drupal UC Profile module in versions 6.x-1.x...

4.3CVSS6.3AI score0.01087EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2014/12/16 12:0 a.m.47 views

Elefant CMS 1.3.9 Cross Site Scripting

Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...

0.2AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2014/12/03 12:0 a.m.51 views

Elefant CMS v1.3.9 - Persistent Name Update Vulnerability

Document Title: =============== Elefant CMS v1.3.9 - Persistent Name Update Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1365 Release Date: ============= 2014-12-03 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Rows per page
Query Builder