
75 matches found

CNNVD
added 2022/12/13 12:00 a.m. · 3 views

PHP-Calendar cross-site scripting vulnerability

PHP-Calendar is a calendar application by individual developer Sean Proctor. PHP-Calendar suffers from a code injection vulnerability that originates in an unknown section of the component index.php, where manipulation of the parameter $_SERVER['PHP_SELF'] can lead to cross-site scripting...

CVSS 6.1 · AI score 4.4 · EPSS 0.00571
Exploits: 0 · References: 5
Positive Technologies
added 2022/12/13 12:00 a.m. · 5 views

PT-2022-27234

Name of the Vulnerable Software and Affected Versions: sproctor php-calendar (affected versions not specified) Description: A problematic vulnerability was found in sproctor php-calendar, affecting an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cro...

CVSS 6.1 · AI score 3.2 · EPSS 0.00571
Exploits: 0 · References: 9
Snyk
added 2022/05/17 2:31 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via crafted PATH_INFO in a URL. An attacker can inject arbitrary code by manipulating the unsanitized $_SERVER['PHP_SELF'] used to generate URLs. Details: Cross-site scriptin...

CVSS 6.1 · AI score 5.4 · EPSS 0.01754
Exploits: 1 · References: 2
ATTACKERKB
added 2022/05/16 3:15 p.m. · 5 views

CVE-2022-1216

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.3 · EPSS 0.00757
Exploits: 2 · References: 2
CNNVD
added 2022/05/16 12:00 a.m. · 2 views

WordPress plugin Custom TinyMCE Shortcode Button cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Custom TinyMCE Shortcode Buttons plugin version 1.1 and earlier is vulnerable to a...

CVSS 6.1 · AI score 6.3 · EPSS 0.00757
Exploits: 1 · References: 2
CNNVD
added 2022/05/16 12:00 a.m. · 3 views

WordPress plugin Advanced Image Sitemap cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Image Sitemaps plugin 1.2 and earlier versions are vulnerable to a cross-site scripting...

CVSS 6.1 · AI score 6.3 · EPSS 0.00757
Exploits: 2 · References: 2
OSV
added 2021/09/10 2:15 p.m. · 3 views

CVE-2021-38327

The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0...

CVSS 6.1 · AI score 6.4 · EPSS 0.00908
Exploits: 1 · References: 2
OSV
added 2021/09/10 2:15 p.m. · 6 views

CVE-2021-38332

The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...

CVSS 6.1 · AI score 6.4 · EPSS 0.00866
Exploits: 1 · References: 2
CNNVD
added 2021/09/10 12:00 a.m. · 3 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin WP Scrippets 1.5.1 and earlier versions, which stems from a lack of proper validation and escaping of the $_SERVER["PHP_SELF"] value in /wp-scrippets. An attacker...

CVSS 6.1 · AI score 5.5 · EPSS 0.00908
Exploits: 1 · References: 4
OSV
added 2021/09/02 5:15 p.m. · 8 views

CVE-2021-39322

The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...

CVSS 6.1 · AI score 5.8 · EPSS 0.0236
Exploits: 2 · References: 2
OSV
added 2021/08/16 7:15 p.m. · 5 views

CVE-2021-34663

The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5...

CVSS 6.1 · AI score 6.4 · EPSS 0.00895
Exploits: 1 · References: 2
CNVD
added 2018/04/13 12:00 a.m. · 2 views

Cacti cross-site scripting vulnerability (CNVD-2018-08667)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the get_current_page function in lib/functions.php relies on...

CVSS 5.4 · AI score 6.7 · EPSS 0.01156
Exploits: 1 · References: 1
CNVD
added 2016/07/05 12:00 a.m. · 4 views

phpMyAdmin Injection Attack Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...

CVSS 4.3 · AI score 7.7 · EPSS 0.01689
Exploits: 0 · References: 1
ATTACKERKB
added 2011/06/08 3:55 p.m. · 2 views

CVE-2009-5077

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php...

CVSS 7.5 · AI score 5.6 · EPSS 0.01486
Exploits: 1 · References: 2
Positive Technologies
added 2011/06/08 12:00 a.m. · 4 views

PT-2011-1331 · Cre Loaded · Cre Loaded

Name of the Vulnerable Software and Affected Versions: CRE Loaded versions prior to 6.2.14 Description: The issue allows remote attackers to bypass authentication and gain administrator privileges. This is related to a modified PHP_SELF variable, which is not properly handled by includes in the...

CVSS 7.5 · AI score 7 · EPSS 0.01486
Exploits: 1 · References: 2