Lucene search
K

103 matches found

CNVD
CNVD
added 2020/12/01 12:0 a.m.3 views

Synology SafeAccess Cross-Site Scripting Vulnerability

Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...

8.4CVSS6AI score0.05138EPSS
Exploits1References1
OSV
OSV
added 2020/11/30 10:15 a.m.4 views

CVE-2020-27659

Multiple cross-site scripting XSS vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 profile parameter...

4.8CVSS6.7AI score0.05138EPSS
Exploits1References3
NVD
NVD
added 2020/11/30 10:15 a.m.27 views

CVE-2020-27659

Multiple cross-site scripting XSS vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 profile parameter...

8.4CVSS7.4AI score0.05138EPSS
Exploits1References3
CNNVD
CNNVD
added 2020/11/30 12:0 a.m.10 views

Synology SafeAccess 跨站脚本漏洞

Synology SafeAccess is an appliance from China-based Synology Inc. that can configure the security of your network environment. The appliance can monitor users' Internet behavior, set Internet schedules and time quotas, apply web filters to protect specific users, and protect all devices in the...

8.4CVSS6.7AI score0.05138EPSS
Exploits1References4
OSV
OSV
added 2018/02/23 1:29 p.m.4 views

CVE-2018-6867

Cross Site Scripting XSS exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter...

5.4CVSS5.8AI score0.00674EPSS
Exploits4References2
Cvelist
Cvelist
added 2018/02/23 1:0 p.m.30 views

CVE-2018-6867

Cross Site Scripting XSS exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter...

5.3AI score0.00674EPSS
Exploits4References2
CNVD
CNVD
added 2018/01/02 12:0 a.m.3 views

Muslim Matrimonial Script SQL Injection Vulnerability

Muslim Matrimonial Script is a community matrimonial script for matrimonial websites by PHP Scripts Mall. PHP Scripts Mall Muslim Matrimonial Script has a SQL injection vulnerability. The vulnerability can be exploited to conduct SQL injection attacks via the view-profile.php memid parameter...

8.8CVSS8.2AI score0.0094EPSS
Exploits1References1
NVD
NVD
added 2017/12/30 4:29 a.m.22 views

CVE-2017-17983

PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php memid parameter...

8.8CVSS9.2AI score0.0094EPSS
Exploits1References1
OSV
OSV
added 2017/12/27 5:8 p.m.3 views

CVE-2017-17893

Readymade Video Sharing Script has XSS via the searchvideo.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References1
CNVD
CNVD
added 2017/12/15 12:0 a.m.4 views

FS Freelancer Clone SQL Injection Vulnerability

FS Freelancer Clone is a set of PHP and MySQL based scripts for freelancer online job search and recruitment websites. A SQL injection vulnerability exists in FS Freelancer Clone version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'u' paramete...

9.8CVSS8.2AI score0.02978EPSS
Exploits1References1
Prion
Prion
added 2017/12/13 9:29 a.m.14 views

Sql injection

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...

7.5CVSS9.9AI score0.02978EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2017/09/09 12:0 a.m.29 views

WordPress Training Membership 1.0.8 Cross Site Scripting Vulnerability

WordPress Fitness Trainer - Training Membership plugin versions 1.0.8 and below suffer from a cross site scripting vulnerability. Exploit Title: Wordpress Fitness Trainer - Training Membership Plugin ================== 8bitsec - https://twitter.com/8bitsec 0day.today 2018-04-09...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2017/09/08 12:0 a.m.31 views

WordPress Training Membership 1.0.8 Cross Site Scripting

Exploit Title: Wordpress Fitness Trainer - Training Membership Plugin ================== 8bitsec - https://twitter.com/8bitsec...

7.4AI score
Exploits0
Veracode
Veracode
added 2017/07/30 5:37 a.m.20 views

Cross-site Scripting (XSS)

Magmi is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the profile parameter of web/magmi.php or through querystring to web/magmiimportrun.php...

4.3CVSS5.8AI score0.1404EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2015/02/28 12:0 a.m.4 views

Magento Server MAGMI plugin cross-site scripting vulnerability

Magento is the United States Magento company's set of professional open source PHP e-commerce system , it provides rights management , search engine and payment gateway features such as Magento Server is the Magento server . MAGMI aka Magento Mass Importer is one of the product catalogs used to...

4.3CVSS6.2AI score0.1404EPSS
Exploits1References1
Prion
Prion
added 2015/02/19 3:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php...

4.3CVSS6.2AI score0.02073EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2014/10/16 12:0 a.m.5 views

PT-2014-8461 · Sap · Sap Netweaver As Abap

Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP version 7.31 Description: The issue allows remote authenticated users to obtain sensitive information by making a request to the RSDU CCMS GET PROFILE PARAM RFC function. Recommendations: For SAP Netweaver AS ABAP versio...

3.5CVSS5.9AI score0.02103EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2014/01/11 12:0 a.m.7 views

PT-2014-2542 · Red Hat +1 · Red Hat Cloudforms +1

Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 2.0 Management Engine CFME versions 5.1 and earlier ManageIQ Enterprise Virtualization Manager versions 5.0 and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is...

7.5CVSS6.7AI score0.15659EPSS
Exploits3References7
RedHat Linux
RedHat Linux
added 2013/10/31 2:18 p.m.4 views

2: miq_policy/explorer SQL injection

SQL injection vulnerability in the miqpolicy controller in Red Hat CloudForms 2.0 Management Engine CFME 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile parameter in an explorer action...

7.5CVSS6.2AI score0.15659EPSS
Exploits3References4
CVE
CVE
added 2012/02/12 10:0 p.m.43 views

CVE-2011-4340

Symphony CMS CVE-2011-4340 affects Symphony CMS 2.2.3 and potentially earlier versions up to just before 2.2.4. The vulnerability is due to cross-site scripting (XSS) in two areas: (1) profile parameter handling in extensions/profiledevkit/content/content.profile.php (triggered via default URI, a...

3.5CVSS5.6AI score0.01866EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder