Lucene search
K

93 matches found

NVD
NVD
added 2025/12/23 8:15 p.m.6 views

CVE-2021-47716

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

5.4CVSS0.00194EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/23 7:35 p.m.2 views

CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

5.4CVSS6.3AI score0.00194EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/23 7:35 p.m.22 views

CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints

Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...

5.4CVSS0.00194EPSS
Exploits1References3
CVE
CVE
added 2025/12/23 7:34 p.m.13 views

CVE-2021-47720

Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...

8.7CVSS7.6AI score0.003EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/23 7:34 p.m.36 views

CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

8.7CVSS0.003EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/23 12:0 a.m.4 views

PT-2025-52829

Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0 Description Orangescrum version 1.8.0 has an authenticated SQL injection issue. Authorized users can manipulate database queries through vulnerable parameters. Specifically, attackers can inject malicious SQL code int...

8.7CVSS7.6AI score0.003EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-11832

Malware in sbrugna...

4.8CVSS5AI score0.00637EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2917

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00389EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/08/12 4:32 a.m.19 views

CVE-2025-8794

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required t...

7.8CVSS7AI score0.00236EPSS
Exploits1References1
CVE
CVE
added 2025/08/10 6:2 a.m.27 views

CVE-2025-8796

LitmusChaos up to 3.19.0 is affected by a vulnerability in the Delete Request Handler, specifically the /auth/delete_project/ path. Manipulating the projectID parameter leads to missing authorization, enabling a remote attack. Exploitation details have been publicly disclosed, and vendor contact ...

5.5CVSS7.2AI score0.00372EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/08/10 5:15 a.m.5 views

CVE-2025-8794

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required t...

7.8CVSS4.9AI score0.00236EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.5 views

CVE-2024-10423

A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/projectselection/projectselection.php of the component Project Selection Page. The manipulation of the argument projectid lead...

9.8CVSS7.1AI score0.00508EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.4 views

CVE-2021-24920

The StatCounter WordPress plugin before 2.0.7 does not sanitise and escape the Project ID and Secure Code settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.1AI score0.00637EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:39 a.m.9 views

CVE-2024-1626

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS7.8AI score0.00479EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/04 12:0 a.m.7 views

WordPress plugin WP Project Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS8.8AI score0.00426EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/27 12:0 a.m.9 views

PT-2024-16268 · Unknown · Project Worlds Student Project Allocation System

Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0 Description: A critical issue was found in the Project Selection Page component, specifically in the /student/project selection/project selection.php file. The manipulation of the...

9.8CVSS7.1AI score0.00508EPSS
Exploits1References8
NVD
NVD
added 2024/10/24 9:15 p.m.10 views

CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS0.00361EPSS
Exploits1References2
NVD
NVD
added 2024/10/24 9:15 p.m.15 views

CVE-2024-47879

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

8.8CVSS0.00389EPSS
Exploits1References2
CVE
CVE
added 2024/10/24 8:21 p.m.72 views

CVE-2024-47880

OpenRefine vulnerable prior to version 3.8.3 to a reflected cross-site scripting issue in the export-rows command. An attacker could lure a user to a malicious page that submits a POST containing embedded JavaScript, which could be echoed in the response along with an attacker-controlled Content-...

8.1CVSS7.5AI score0.00361EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/24 8:17 p.m.13 views

CVE-2024-47879 OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross-site request forgery protection on the preview-expression command means that visiting a malicious website could cause an attacker-controlled expression to be executed. The expression can...

7.6CVSS6.8AI score0.00389EPSS
Exploits1References4
Rows per page
Query Builder