
356 matches found

OSV
added 2023/07/19 2:15 a.m. · 0 views

CVE-2023-3753

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 6.1 · AI score 3.9 · EPSS 0.00075
Exploits: 0 · References: 2
Packet Storm
added 2023/07/19 12:0 a.m. · 241 views

Chipsa CMS 1.0.2 Cross Site Scripting

Title: Chipsa CMS v1.0.2 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vendor ...

AI score 7.1
Exploits: 0
The Hacker News
added 2023/06/28 7:24 a.m. · 3 views

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas...

CVSS 9.8 · AI score 8.4 · EPSS 0.01058
Exploits: 0
The Hacker News
added 2023/06/28 7:24 a.m. · 57 views

Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution

Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable systems. "These SQL injections happened despite the use of an Object-Relational Mapping (ORM) library and prepared statements," SonarSource researcher Thomas...

CVSS 9.8 · AI score 8.3 · EPSS 0.01058
Exploits: 0
Positive Technologies
added 2023/04/28 12:0 a.m. · 1 views

PT-2023-21744 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions 9.0 through 9.1.3; Concrete CMS (previously concrete5) versions prior to 9.2. Description: The issue is related to Stored XSS on Saved Presets on search. This means that an attacker can store malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.01927
Exploits: 0 · References: 11
Exploit DB
added 2023/03/30 12:0 a.m. · 222 views

WPForms 1.7.8 - Cross-Site Scripting (XSS)

Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...

AI score 7.4
Exploits: 0
SUSE CVE
added 2023/02/15 3:53 a.m. · 0 views

SUSE CVE-2020-26935

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...

CVSS 9.8 · AI score 9.6 · EPSS 0.89641
Exploits: 1 · References: 5
OSV
added 2022/05/24 5:30 p.m. · 20 views

GHSA-7FF4-CV53-4CJQ phpMyAdmin SQL injection vulnerability

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query...

CVSS 9.8 · AI score 9.5 · EPSS 0.89641
Exploits: 1 · References: 12
Github Security Blog
added 2022/05/24 5:7 p.m. · 11 views

Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet

In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will...

CVSS 5.4 · AI score 5.7 · EPSS 0.03286
Exploits: 3 · References: 5 · Affected Software: 1
OSV
added 2022/05/17 3:0 a.m. · 18 views

GHSA-84JM-CPC5-C7G7 Plone XSS in Zope ZMI

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS 6.1 · AI score 6 · EPSS 0.00299
Exploits: 2 · References: 7
OSV
added 2022/05/13 1:13 a.m. · 3 views

GHSA-5FGV-CVR8-XG48 Moodle vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the...

CVSS 5.3 · AI score 5.8 · EPSS 0.00254
Exploits: 0 · References: 4
0day.today
added 2022/03/30 12:0 a.m. · 219 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any post types. The...

AI score 7.4
Exploits: 0
Exploit DB
added 2022/03/30 12:0 a.m. · 275 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...

AI score 7.4
Exploits: 0
Packet Storm
added 2022/03/23 12:0 a.m. · 224 views

Drupal Avatar Upload 7.x-1.0-beta8 Cross Site Scripting

Exploit Title: Drupal avataruploader v7.x-1.0-beta8 - Cross Site Scripting XSS Date: 2022-03-22 Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a avataruploader from any po...

AI score 7.4
Exploits: 0
wpexploit
added 2022/03/21 12:0 a.m. · 535 views

Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure

The plugin does not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. Although the API only retur...

CVSS 5.3 · AI score 0.2 · EPSS 0.00981
Exploits: 2
0day.today
added 2022/02/10 12:0 a.m. · 233 views

WordPress Jetpack 9.1 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab...

Exploits: 0
0day.today
added 2022/02/02 12:0 a.m. · 253 views

WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy carousel slider for...

CVSS 6.1 · AI score 6.3 · EPSS 0.03405
Exploits: 5
OSV
added 2021/08/25 8:56 p.m. · 14 views

GHSA-GX5W-RRHP-F436 XSS in mdBook

This is a cross-post of the official security advisory [ml]. The official post contains a signed version with our PGP key, as well. [ml]: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

CVSS 8.2 · AI score 6.9 · EPSS 0.0033
Exploits: 0 · References: 7
NVD
added 2021/08/10 8:15 p.m. · 9 views

CVE-2021-37390

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI social network search feature...

CVSS 6.1 · EPSS 0.00328
Exploits: 1 · References: 2
Prion
added 2021/08/10 8:15 p.m. · 9 views

Cross site scripting

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI social network search feature...

CVSS 4.3 · AI score 6 · EPSS 0.00328
Exploits: 1 · References: 2 · Affected Software: 1