
153 matches found

Cvelist
added 2023/02/02 12:0 a.m. · 16 views

CVE-2022-48082

Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag...

10 AI score · 0.00602 EPSS
Exploits 0 · References 1

CNNVD
added 2023/02/02 12:0 a.m. · 2 views

Easyone CRM SQL Injection Vulnerability

Easyone CRM is a customer relationship management system from Easyone. Manage your business relationships and access your data, from sales to marketing, wherever you are, directly from your management. A security vulnerability exists in Easyone CRM version v5.50.02, which stems from a SQL injecti...

9.8 CVSS · 8.6 AI score · 0.00602 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/19 12:0 a.m. · 7 views

PT-2023-15095 · Nexusphp · Nexusphp

Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting XSS attacks. This can be achieved by injecting malicious input int...

6.1 CVSS · 6.2 AI score · 0.01543 EPSS
Exploits 1 · References 6

CNNVD
added 2023/01/13 12:0 a.m. · 4 views

Dovgalyuk AIBattle SQL Injection Vulnerability

AIBattle is a platform for creating AI contests by Pavel Dovgalyuk Personal Developer. Dovgalyuk AIBattle suffers from a SQL injection vulnerability that originates in the function sendComments in the file site/procedures.php, where manipulating the text of the parameter results in SQL injection...

9.8 CVSS · 6.6 AI score · 0.00745 EPSS
Exploits 0 · References 4

CNNVD
added 2022/12/28 12:0 a.m. · 2 views

A PyPI for Yola Cross-Site Scripting Vulnerability

A PyPI for Yola is a simple django application in the Yola open source. A PyPI for Yola suffers from a cross-site scripting vulnerability that stems from incorrect manipulation of the parameter text leading to cross-site scripting...

6.1 CVSS · 4.2 AI score · 0.00494 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/11/23 12:0 a.m. · 4 views

PT-2022-27153 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is a post-authentication buffer overflow that occurs via the text parameter in the setSmsCfg function. This allows for potential exploitation after authentication has been...

8.8 CVSS · 7.6 AI score · 0.0211 EPSS
Exploits 1 · References 5

CNVD
added 2022/10/08 12:0 a.m. · 2 views

TOTOLINK NR1800X setSmsCfg method text parameter buffer overflow vulnerability

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...

8.8 CVSS · 8 AI score · 0.00865 EPSS
Exploits 1 · References 1

OSV
added 2022/10/06 7:15 p.m. · 2 views

CVE-2022-41528

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function...

8.8 CVSS · 5.8 AI score · 0.00865 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2022/10/06 7:15 p.m. · 2 views

CVE-2022-41528

TOTOLINK NR1800X V9.1.0u.6279B20210910 was discovered to contain an authenticated stack overflow via the text parameter in the setSmsCfg function...

8.8 CVSS · 7.4 AI score · 0.00865 EPSS
Exploits 1 · References 2

CNNVD
added 2022/10/06 12:0 a.m. · 6 views

TOTOLINK NR1800X Buffer Error Vulnerability

TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...

8.8 CVSS · 8 AI score · 0.00865 EPSS
Exploits 1 · References 2

OSV
added 2022/09/12 4:15 a.m. · 4 views

CVE-2022-36258

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...

7.5 CVSS · 6 AI score · 0.00786 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2022/09/12 4:15 a.m. · 7 views

CVE-2022-36258

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt"...

7.5 CVSS · 7.5 AI score · 0.00786 EPSS
Exploits 1 · References 4

OSV
added 2022/08/18 2:15 a.m. · 6 views

CVE-2022-35601

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

9.8 CVSS · 6 AI score · 0.00758 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2022/08/18 2:15 a.m. · 3 views

CVE-2022-35601

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

9.8 CVSS · 7.7 AI score · 0.00758 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/08/18 2:15 a.m. · 3 views

CVE-2022-35603

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

9.8 CVSS · 7.7 AI score · 0.00716 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/08/18 12:0 a.m. · 5 views

PT-2022-22917 · Unknown · Sazanrjb Inventorymanagementsystem

Name of the Vulnerable Software and Affected Versions: sazanrjb InventoryManagementSystem version 1.0 Description: A SQL injection issue in SupplierDAO.java allows attackers to execute arbitrary SQL commands via the searchTxt parameter. This enables unauthorized access and manipulation of databas...

9.8 CVSS · 10 AI score · 0.00758 EPSS
Exploits 0 · References 4

CNNVD
added 2022/08/18 12:0 a.m. · 26 views

InventoryManagementSystem SQL Injection Vulnerability

InventoryManagementSystem is an inventory management system by Sajan Rajbhandari, an individual developer. It provides an easy way to track products, suppliers, customers, and purchasing and sales information. A SQL injection vulnerability exists in InventoryManagementSystem version 1.0, which...

9.8 CVSS · 9 AI score · 0.00716 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/06/23 5:15 p.m. · 2 views

CVE-2022-34194

Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

5.4 CVSS · 6.2 AI score · 0.00602 EPSS
Exploits 0 · References 2

CNVD
added 2022/04/28 12:0 a.m. · 21 views

nopCommerce Cross-Site Scripting Vulnerability (CNVD-2022-70103)

nopCommerce is an open source general-purpose e-commerce platform. nopCommerce version 4.50.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the "Text" parameter when creating a new post. An attacker...

3.5 CVSS · 2.7 AI score · 0.00681 EPSS
Exploits 1 · Affected Software 1

OSV
added 2022/04/26 9:15 p.m. · 14 views

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

5.4 CVSS · 6.4 AI score
Exploits 0 · References 1