Lucene search
+L

68 matches found

wpexploit
wpexploit
added 2021/08/02 12:0 a.m.591 views

Business Hours Indicator < 2.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue Put the following payload in the "Now closed message" setting and save them: alert/XSS/ Then refresh the setting...

5.4CVSS0.1AI score0.0062EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/26 12:0 a.m.641 views

WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS

The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. Put the one of the payload below in the Image ALT setting of the plugin: The XSS will...

3.5CVSS5.3AI score0.0062EPSS
Exploits2
Prion
Prion
added 2021/07/07 2:15 p.m.26 views

Design/Logic Flaw

The QSAN SANOS setting page does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...

7.5CVSS9.7AI score0.01924EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.9 views

QSAN SANOS 操作系统命令注入漏洞

QSAN SANOS is the SAN storage management operating system from QSAN China. It comes with a refreshingly easy-to-use Web GUI and can be easily deployed into any infrastructure. An injection vulnerability exists in QSAN SANOS, which stems from the product's setting page not filtering user-entered...

9.8CVSS6.2AI score0.01924EPSS
Exploits0References2
CNVD
CNVD
added 2018/11/13 12:0 a.m.4 views

JPress Cross-Site Scripting Vulnerability

JPress is a set of blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...

4.8CVSS4.7AI score0.0064EPSS
Exploits1References1
NVD
NVD
added 2018/09/18 1:29 p.m.17 views

CVE-2018-7991

Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110C00 have a Factory Reset Protection FRP bypass vulnerability. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to the computer and then perform some specific...

4.6CVSS4.7AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2018/09/18 1:0 p.m.51 views

CVE-2018-7991

CVE-2018-7991 concerns Huawei Mate10 smartphones (versions earlier than ALP-AL00B 8.0.0.110(C00)) with a Factory Reset Protection (FRP) bypass vulnerability. The issue arises because the system does not sufficiently verify permissions when a device is connected via a data cable to a computer and ...

4.6CVSS4.7AI score0.00235EPSS
Exploits0References1Affected Software1
exploitpack
exploitpack
added 2013/06/11 12:0 a.m.48 views

WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities

WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities ============================================================= \ \ / / | | / \ / | | \ \ V / | | | | | | | | | / \ | ' \ | | | | | | | | | | | | '| | / / . \ | | | | | | || | | | | | | | | | // \ | ./ || / || || |/ || | | ||...

0.3AI score
Exploits0
Rows per page
Query Builder