Lucene search
K

161 matches found

WPVulnDB
WPVulnDB
added 2023/08/31 12:0 a.m.12 views

Order Tracking Pro < 3.3.7 - Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitise and escape the order status parameter, which could allow users with a role of Admin to perform Cross-Site Scripting attacks...

4.8CVSS6.2AI score0.003EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/03/17 12:0 a.m.3 views

Canteen Management System SQL注入漏洞

Canteen Management System is a cafeteria management system by Mayuri K. Individual developer. A SQL injection vulnerability exists in SourceCodester Canteen Management System version 1.0, which stems from a security issue in the function query in createCategories.php, which causes SQL injection v...

9.8CVSS7.1AI score0.00808EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.4 views

Logitech Options 跨站请求伪造漏洞

Logitech Options is a powerful and easy-to-use application from Logitech that enhances your Logitech mouse, keyboard, and touchpad. Logitech Options suffers from a cross-site request forgery vulnerability that stems from a failure to properly validate the status parameter of Oauth 2.0. An attacke...

8.8CVSS7.8AI score0.0042EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.4 views

PHP-Fusion 跨站脚本漏洞

Php-fusion PHP-Fusion is an open source lightweight content management system based on MySql and PHP from Malaysia's PHP-Fusion Php-fusion. The system contains modules for news, articles and forums. A security vulnerability exists in PHP-Fusion version 7.02.07, which can be exploited by an attack...

6.1CVSS6.5AI score0.00799EPSS
Exploits1References2
OSV
OSV
added 2022/01/24 8:15 a.m.3 views

CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS5.9AI score0.1712EPSS
Exploits6References3
CNVD
CNVD
added 2021/12/23 12:0 a.m.17 views

Anuko Time Tracker SQL Injection Vulnerability

Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...

8.8CVSS2.4AI score0.01165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/22 12:15 a.m.2 views

CVE-2021-43851

Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is...

8.8CVSS7.2AI score0.01165EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.3 views

Anuko Time Tracker SQL注入漏洞

Anuko Time Tracker is an open source time counting system for individual developers. A platform used to count employee time spent on various tasks, Anuko Time Tracker is vulnerable to a SQL injection vulnerability that stems from the group and status parameters in the groups.php file not being...

8.8CVSS6AI score0.01165EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2021/12/21 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-25076

The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting...

8.8CVSS7.3AI score0.1712EPSS
Exploits6References1
CNVD
CNVD
added 2021/07/09 12:0 a.m.9 views

QSAN XEVO Command Injection Vulnerability (CNVD-2021-48920)

QSAN XEVO is a flash data management system from QSAN China. Reduces repetitive tasks and provides complete data analysis. A command injection vulnerability exists in QSAN XEVO that stems from the product's Array function's status parameter not properly filtering input data for special characters...

9.8CVSS8AI score0.02309EPSS
Exploits0References1
NVD
NVD
added 2021/07/07 2:15 p.m.20 views

CVE-2021-32530

OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0...

9.8CVSS0.02309EPSS
Exploits0References1
OSV
OSV
added 2021/07/07 2:15 p.m.5 views

CVE-2021-32530

OS command injection vulnerability in Array function in QSAN XEVO allows remote unauthenticated attackers to execute arbitrary commands via status parameter. The referred vulnerability has been solved with the updated version of QSAN XEVO v2.1.0...

9.8CVSS7.5AI score0.02309EPSS
Exploits0References1
OSV
OSV
added 2021/04/19 9:15 p.m.4 views

CVE-2020-27240

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The componentStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.8CVSS6.7AI score0.00866EPSS
Exploits1References1
OSV
OSV
added 2021/04/15 2:15 p.m.4 views

CVE-2020-27239

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The assetStatus parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.8CVSS6.8AI score0.00866EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.3 views

Revive Adserver 跨站脚本漏洞

Revive Adserver is an open source ad server under the GNU General Public License license with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the status parameter in...

7.5CVSS5.4AI score0.19811EPSS
Exploits1References4
OSV
OSV
added 2020/08/31 5:15 a.m.3 views

CVE-2020-25033

The Blubrry subscribe-sidebar aka Subscribe Sidebar plugin 1.3.1 for WordPress allows subscribesidebar.php&status= reflected XSS...

6.1CVSS5.8AI score0.00977EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/08/31 12:0 a.m.5 views

PT-2020-15901 · Blubrry · Blubrry Subscribe-Sidebar Plugin

Name of the Vulnerable Software and Affected Versions: Blubrry subscribe-sidebar plugin version 1.3.1 Description: The issue allows for reflected XSS in the subscribe-sidebar.php file. This can be exploited through the status parameter. Recommendations: For version 1.3.1, update to a newer versio...

6.1CVSS5.9AI score0.00977EPSS
Exploits1References4
OSV
OSV
added 2020/07/28 5:15 p.m.7 views

CVE-2020-15617

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the status parameter, the...

7.5CVSS7.1AI score0.0383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/06/25 12:0 a.m.7 views

PT-2020-14540 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax list accounts.php file,...

7.8CVSS7.4AI score0.0383EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/03/18 12:0 a.m.5 views

The vulnerability of the OAuth2 extension for the software environment used to implement the MediaWiki hypertext environment allows a hacker to perform cross-site request forgeing attacks.

The vulnerability of the OAuth2 extension for implementing the MediaWiki hypertext environment is related to the absence of a check on the OAuth2 status parameter in the callback function. Exploiting this vulnerability allows a malicious actor to perform cross-site forged requests...

10CVSS7.5AI score0.01164EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder