67 matches found

CNNVD
added 2022/02/01 12:0 a.m. · 3 views

RosarioSIS cross-site scripting vulnerability

RosarioSIS is a student information system. It is used to manage students, create reports and make the right decisions. A cross-site scripting vulnerability exists in RosarioSIS version 8.2.1, which stems from a lack of data validation filtering on user-supplied data and output. An attacker can...

CVSS 6.1 · AI score 5.5 · EPSS 0.03002
Exploits: 2 · References: 3

Positive Technologies
added 2020/06/25 12:0 a.m. · 6 views

PT-2020-14549 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations without requiring authentication. The flaw exists within the ajax dashboard.php file,...

CVSS 7.8 · AI score 7.4 · EPSS 0.0383
Exploits: 0 · References: 2

Positive Technologies
added 2020/03/16 12:0 a.m. · 5 views

PT-2020-11987 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions for CentOS 6 and 7 Description: The issue allows SQL Injection via the "/cwp SESSION HASH/admin/loader ajax.php" API endpoint, specifically through the term parameter. This enables potential attackers to inject...

CVSS 9.8 · AI score 9.8 · EPSS 0.14668
Exploits: 3 · References: 4

CNVD
added 2019/03/22 12:0 a.m. · 2 views

wp-live-chat-support cross-site scripting vulnerability

WP Live Chat Support is a feature-rich live chat plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress wp-live-chat-support plugin prior to version 8.0.18, which stems from the program failing to properly encode parameters. A remote attacker can exploit this vulnerabili...

CVSS 6.1 · AI score 6.5 · EPSS 0.01377
Exploits: 1 · References: 1

NVD
added 2018/10/18 6:29 a.m. · 31 views

CVE-2018-18460

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...

CVSS 6.1 · AI score 6.1 · EPSS 0.01022
Exploits: 1 · References: 2

CVE
added 2018/10/18 6:0 a.m. · 51 views

CVE-2018-18460

CVE-2018-18460 affects the WordPress plugin wp-live-chat-support version 8.0.15. The vulnerability is a Cross-Site Scripting (XSS) flaw in the file modules/gdpr.php that can be triggered via the parameter term in requests to the admin endpoint /wp-admin/admin.php on the page wplivechat-menu-gdpr...

CVSS 6.1 · AI score 6 · EPSS 0.01022
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2018/10/18 12:0 a.m. · 7 views

PT-2018-14475 · WordPress · Wp-Live-Chat-Support

Name of the Vulnerable Software and Affected Versions: wp-live-chat-support version 8.0.15 Description: A security issue exists in the wp-live-chat-support plugin for WordPress. The problem is related to the term parameter in the "modules/gdpr.php" file. This issue can be exploited through a...

CVSS 6.1 · AI score 6.1 · EPSS 0.01022
Exploits: 1 · References: 4

OSV
added 2018/09/28 12:29 a.m. · 3 views

CVE-2018-17377

SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter...

CVSS 9.8 · AI score 5.8 · EPSS 0.03213
Exploits: 5 · References: 2

CNVD
added 2018/09/10 12:0 a.m. · 4 views

FUEL CMS SQL Injection Vulnerability

FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.1 suffers from a SQL injection vulnerability that can be exploited by an attacker via the layout, published or searchterm parameters of pages/items...

CVSS 9.8 · AI score 9.9 · EPSS 0.01421
Exploits: 0 · References: 1

CNVD
added 2018/08/14 12:0 a.m. · 3 views

OpenEMR SQL Injection Vulnerability (CNVD-2019-10146)

OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A SQL injection vulnerability exists in interface/deidentificationforms/finddrugpopup.php in OpenEMR versions prior to 5.0.1.4, which can be exploited by remote attackers to execute arbitrary SQL...

CVSS 8.8 · AI score 9.3 · EPSS 0.01845
Exploits: 0 · References: 1

OSV
added 2018/03/29 5:29 a.m. · 5 views

CVE-2018-9122

In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the term parameter to the /search URI...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 2

CNVD
added 2018/03/29 12:0 a.m. · 2 views

Crea8Social cross-site scripting vulnerability (CNVD-2018-07586)

Crea8social is a PHP-based social networking platform developed by Nigerian software developer Tiamiyu Waliu Kola. A cross-site scripting vulnerability exists in Crea8social version 2018.2. A remote attacker can exploit the vulnerability by sending the 'term' parameter to the /search URI to injec...

CVSS 5.4 · AI score 6.2 · EPSS 0.00575
Exploits: 3 · References: 1

NVD
added 2017/09/13 3:29 a.m. · 17 views

CVE-2017-14403

The EyesOfNetwork web interface aka eonweb 5.1-0 has SQL injection via the term parameter to module/admingroup/search.php...

CVSS 9.8 · AI score 9.9 · EPSS 0.01454
Exploits: 1 · References: 1

Cvelist
added 2017/09/13 3:0 a.m. · 15 views

CVE-2017-14403

The EyesOfNetwork web interface aka eonweb 5.1-0 has SQL injection via the term parameter to module/admingroup/search.php...

AI score 9.9 · EPSS 0.01454
Exploits: 1 · References: 1

OSV
added 2017/01/12 6:59 a.m. · 17 views

CVE-2017-5345

SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI...

CVSS 8.8 · AI score 8.3
Exploits: 0 · References: 3

CNVD
added 2016/11/16 12:0 a.m. · 4 views

OIC Exponent CMS SQL Injection Vulnerability (CNVD-2016-11262)

OIC Exponent CMS is a free, open source modular content management system (CMS) based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. An SQL injection vulnerabilit...

CVSS 9.8 · AI score 8.3 · EPSS 0.0149
Exploits: 0 · References: 1

NVD
added 2012/10/09 3:55 p.m. · 15 views

CVE-2011-5209

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter...

CVSS 4.3 · AI score 5.8 · EPSS 0.01648
Exploits: 1 · References: 5

Prion
added 2012/10/09 3:55 p.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter...

CVSS 4.3 · AI score 6.2 · EPSS 0.01648
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2012/10/09 3:0 p.m. · 24 views

CVE-2011-5209

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter...

AI score 5.8 · EPSS 0.01648
Exploits: 1 · References: 5

NVD
added 2008/12/17 5:30 p.m. · 10 views

CVE-2008-5628

SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter...

CVSS 6.8 · AI score 8.4 · EPSS 0.00909
Exploits: 1 · References: 4