Lucene search
+L

277 matches found

nvd
nvd
added 2024/05/21 3:15 p.m.18 views

CVE-2024-33527

A Stored Cross-site Scripting XSS vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload...

5.4CVSS5.2AI score0.00473EPSS
Exploits1References2
cvelist
cvelist
added 2024/05/21 2:52 p.m.31 views

CVE-2024-33526

A Stored Cross-site Scripting XSS vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload...

5.2AI score0.00503EPSS
Exploits1References2
cve
cve
added 2024/05/21 2:44 p.m.90 views

CVE-2024-33528

CVE-2024-33528 is a Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7.x before 7.30 and 8.x before 8.11. Remote authenticated attackers with tutor privileges can inject arbitrary web script or HTML via XML file uploads. Root cause relates to how XML uploads are processed (stored XSS). Im...

4.7CVSS5.4AI score0.00478EPSS
Exploits1References2Affected Software1
cve
cve
added 2024/04/16 8:12 a.m.75 views

CVE-2024-3871

CVE-2024-3871 affects Delta Electronics DVW-W02W2-E2 web administration interface, with versions up to 2.5.2. The issue stems from command injections and stack overflows in the web UI, enabling remote attackers to achieve remote code execution with elevated privileges. The NVD entry states this c...

9.8CVSS8.3AI score0.01699EPSS
Exploits0References1
nvd
nvd
added 2024/04/02 1:15 p.m.14 views

CVE-2024-29514

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file...

8.8CVSS7.3AI score0.01281EPSS
Exploits1References1
osv
osv
added 2024/03/06 11:11 a.m.15 views

BIT-SUITECRM-2020-14208

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting XSS in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...

5.4CVSS5AI score0.00636EPSS
Exploits0References2
cvelist
cvelist
added 2024/01/31 12:0 a.m.16 views

CVE-2023-31505

An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...

7.2AI score0.01158EPSS
Exploits1References1
cvelist
cvelist
added 2024/01/27 12:0 a.m.25 views

CVE-2023-48201

Cross Site Scripting XSS vulnerability in Sunlight CMS v.8.0.1, allows remote authenticated attackers to execute arbitrary code and escalate privileges via a crafted script to the Content text editor component...

5.7AI score0.0055EPSS
Exploits1References1
cvelist
cvelist
added 2023/12/12 12:0 a.m.16 views

CVE-2023-36654

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...

6.4AI score0.01241EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/08/23 2:51 a.m.16 views

CVE-2023-40158

Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and...

7AI score0.00928EPSS
Exploits0References3
openvas
openvas
added 2023/06/19 12:0 a.m.17 views

Synology Router Manager (SRM) 1.1.x DoS Vulnerability (Synology-SA-17:49)

Synology Router Manager SRM is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.9CVSS5.2AI score0.01433EPSS
Exploits0References1
prion
prion
added 2023/05/23 2:15 a.m.15 views

Command injection

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command...

6.5CVSS8.7AI score0.01908EPSS
Exploits0References3Affected Software2
cvelist
cvelist
added 2023/05/23 12:0 a.m.36 views

CVE-2023-27521

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command...

8.9AI score0.01908EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/05/08 12:0 a.m.5 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

6.8AI score0.01294EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2023/04/11 12:0 a.m.9 views

PT-2023-19054 · Unknown · Conprosys M2M Gateway +2

Name of the Vulnerable Software and Affected Versions: CONPROSYS M2M Gateway versions 3.7.10 and earlier CONPROSYS M2M Controller Integrated Type versions 3.7.6 and earlier CONPROSYS M2M Controller Configurable Type versions 3.8.8 and earlier Description: An improper access control issue allows a...

4.3CVSS7AI score0.00694EPSS
Exploits0References8
cvelist
cvelist
added 2023/02/03 12:0 a.m.38 views

CVE-2021-36538

Cross Site Scripting XSS vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports...

5.4AI score0.00551EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/01/19 12:0 a.m.8 views

CVE-2022-46889

A persistent cross-site scripting XSS vulnerability in NexusPHP before 1.7.33 allows remote authenticated attackers to permanently inject arbitrary web script or HTML via the title parameter used in /subtitles.php...

5.2AI score0.60115EPSS
Exploits0References2
nvd
nvd
added 2022/12/07 4:15 a.m.22 views

CVE-2022-43660

Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...

7.2CVSS0.00972EPSS
Exploits0References2
huntr
huntr
added 2022/12/01 9:56 p.m.21 views

File Upload Filter Bypass

Description A sanitization filter bypass in plupload.php in MicroweberCMS v1.3.1 allows remote authenticated attackers to upload files outside the restricted location. The target $path for the image is being sanitized here: php $pathrestirct = userfilespath; if isset$REQUEST'path' and...

5.8CVSS0.3AI score0.38236EPSS
Exploits1
huntr
huntr
added 2022/11/25 2:42 p.m.10 views

Authenticated SQL Injection in OpenSIS Classic v9.0 and earlier

Description SQL injection in OpenSIS Classic v9.0 and earlier allows remote authenticated attackers to execute SQL code via the id parameter in MassScheduleModal.php leading to full database information disclosure. Version At the time of reporting, the most up-to-date version of the master branch...

0.3AI score
Exploits0
Rows per page
Query Builder