Lucene search
K

175 matches found

Positive Technologies
Positive Technologies
added 2023/09/29 12:0 a.m.8 views

PT-2023-31990 · Unknown · Sourcecodester Best Courier Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Courier Management System version 1.0 Description: A critical issue has been found in the SourceCodester Best Courier Management System. It affects an unknown function of the file parcel list.php, specifically the componen...

8.8CVSS6.4AI score0.00636EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/01/20 12:0 a.m.13 views

WordPress Plugin The Easy Digital Downloads SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.6AI score0.11172EPSS
Exploits2References2
Github Security Blog
Github Security Blog
added 2022/05/14 3:22 a.m.22 views

thinkphp SQL Injection via the index.php s parameter

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8CVSS8.2AI score0.01135EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/14 3:22 a.m.19 views

GHSA-XVHR-7Q4Q-QJGP thinkphp SQL Injection via the index.php s parameter

thinkphp 3.1.3 has SQL Injection via the index.php s parameter...

9.8CVSS10AI score0.01135EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/05/11 2:15 p.m.8 views

CVE-2022-28077

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting XSS vulnerability in the Admin panel via the $GET's' parameter...

6.1CVSS5.8AI score0.00791EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Persian Woocommerce suffers from a cross-site scripting vulnerability that stems from not escaping the s...

6.1CVSS5.2AI score0.01477EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.7 views

WordPress plugin 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Multisite Content Copier/Updater plugin...

6.1CVSS5.7AI score0.00788EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/02/14 12:15 p.m.6 views

CVE-2022-0193

The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.00876EPSS
Exploits2References3
Prion
Prion
added 2021/12/27 11:15 a.m.19 views

Cross site scripting

The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

4.3CVSS6AI score0.01868EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2021/11/08 7:15 p.m.5 views

CVE-2021-39420

Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...

6.1CVSS6.4AI score
Exploits0References1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.5 views

VFront 跨站脚本漏洞

vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...

6.1CVSS5.3AI score0.00641EPSS
Exploits1References2
OSV
OSV
added 2021/10/04 12:15 p.m.4 views

CVE-2021-24676

The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score0.008EPSS
Exploits2References1
Prion
Prion
added 2021/07/30 2:15 p.m.13 views

Sql injection

Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...

7.5CVSS9.8AI score0.02447EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/06/01 2:15 p.m.5 views

CVE-2021-24316

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue...

6.1CVSS6.4AI score0.06442EPSS
Exploits2References3
OSV
OSV
added 2021/04/12 2:15 p.m.7 views

CVE-2021-24213

The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...

6.1CVSS6.4AI score0.0137EPSS
Exploits4References2
Vulnerability Lab
Vulnerability Lab
added 2020/05/06 12:0 a.m.36 views

Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability

Document Title: =============== Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2251 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 225...

7.4AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/05/04 12:0 a.m.14 views

wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter

The plugin did not escape, validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=wpforo-phrases="...

3.5CVSS0.9AI score0.00709EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2020/04/23 3:15 p.m.5 views

CVE-2020-12054

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

6.1CVSS6.4AI score0.03611EPSS
Exploits2References2
Prion
Prion
added 2020/04/23 3:15 p.m.12 views

Cross site scripting

The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...

4.3CVSS6AI score0.03611EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2019/10/23 5:15 p.m.15 views

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

6.1CVSS6.1AI score0.00934EPSS
Exploits2References1
Rows per page
Query Builder