Lucene search
K

6384 matches found

Nuclei
Nuclei
added yesterday25 views

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

6.1CVSS6.9AI score0.0085EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday57 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.2AI score0.01024EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday47 views

Tiempo.com <= 0.1.2 - Cross-Site Scripting

Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to stea...

6.1CVSS6.9AI score0.0085EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday36 views

OURPHP <= 7.2.0 - Cross Site Scripting

OURPHP a...

6.1CVSS6.4AI score0.08115EPSS
Exploits9References5
Nuclei
Nuclei
added yesterday52 views

MyCryptoCheckout < 2.124 - Cross-Site Scripting

The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. id: CVE-2023-1546 info: name: MyCryptoCheckout 2.124 - Cross-Site Scripting author: Harsh severity: medium description: | The...

6.1CVSS6.8AI score0.0085EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday88 views

Simple URLs < 115 - Cross Site Scripting

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-0099 info: name: Simple URLs 115 - Cross Site Scripting author: r3Y3r53 severit...

6.1CVSS6.4AI score0.01726EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday34 views

MaxSite CMS > V106 - Cross-Site Scripting

A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page." id: CVE-2021-35265 info: name: MaxSite CMS V106 - Cross-Site Scripting author: pikpikcu severity: medium description: | A reflected...

6.1CVSS6.5AI score0.03436EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday23 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...

6.1CVSS6.5AI score0.03509EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday62 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. id: CVE-2021-26475 info: name: EPrints 3.4.2 - Cross-Site Scripting author: geeknik severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI...

6.1CVSS6.8AI score0.06115EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday41 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Users Alerts feature /index.php?module=usersalerts/usersalerts of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Add". id:...

5.4CVSS6.2AI score0.00929EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday51 views

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability via admin/inc/navigation.php:125. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-bas...

6.1CVSS6.4AI score0.03345EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday225 views

WordPress Newspaper < 12 - Cross-Site Scripting

WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...

6.1CVSS6AI score0.00969EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday37 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.03223EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday76 views

Monstra CMS 3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form i.e., the login parameter to users/registration. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...

6.1CVSS6.8AI score0.02273EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday63 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday45 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.2AI score0.01024EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday73 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS6AI score0.01204EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday61 views

SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting

A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. This flaw allows stored cross-site scripting XSS, enabling attackers to inject JavaScript code. The attack can be executed remote...

8.3CVSS5.8AI score0.055EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday48 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

5.4CVSS6.2AI score0.00874EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday27 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6AI score0.01331EPSS
Exploits1References2
Rows per page
Query Builder