Lucene search
K

152 matches found

UbuntuCve
UbuntuCve
added 2022/11/19 12:15 a.m.371 views

CVE-2022-4055

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attac...

7.4CVSS7.1AI score0.00652EPSS
Exploits1References1
Openbugbounty
Openbugbounty
added 2022/07/04 3:14 a.m.14 views

urlaub-und-kurzreisen.de Cross Site Scripting vulnerability OBB-2717721

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
wpexploit
wpexploit
added 2022/05/17 12:0 a.m.156 views

Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. Affected parameters: keyword, user, metaKey, and metaValue https://example.com/wp-admin/admin.php?page=advanced-admin-search&keyword="...

6.1CVSS0.3AI score0.00757EPSS
Exploits2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.263 views

Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...

6.1CVSS6.2AI score0.00788EPSS
Exploits2
CVE
CVE
added 2021/05/28 9:0 p.m.145 views

CVE-2021-29492

Envoy versions up to 1.18.2 contain a URL-path decoding flaw: escaped slashes (%2F, %5C) are not decoded, allowing an attacker to craft paths like /something%2F..%2Fadmin to bypass access controls and escalate privileges when RBAC/JWT filters enforce path-based policies. This can let a backend se...

8.3CVSS8AI score0.68383EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2021/05/14 10:2 a.m.22 views

Sifchain: Session Token in URL

Hello Sifchain Finance Team - Greetings to you! Hope you are well and safe. MAIN URL - https://sifchain.finance/master/ URL That has to be fixed -...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/23 12:0 a.m.301 views

WordPress GiveWP 2.9.7 Cross Site Scripting

Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Date: 3/23/2021 Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit...

6.3AI score0.0137EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/24 12:0 a.m.225 views

Apartment Visitors Management System 1.0 - Authentication Bypass

Exploit Title: Apartment Visitors Management System 1.0 - Authentication Bypass Date: 2020-12-24 Exploit Author: Kshitiz Rajmanitorpotterk Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/26 10:47 a.m.6 views

corporate.xoxochef.in Cross Site Scripting vulnerability OBB-1365792

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.3AI score
Exploits0
Atlassian
Atlassian
added 2020/09/23 5:14 p.m.31 views

Embedded Crowd passes sensitive paramaters in the URL when adding a new or editing an existing user directory.

h3. Issue Summary While adding a new directory or editing an existing one the embedded crowd passes directoryId, xsrfTokenName and xsrfTokenValue parameters to the URL. h3. Environment Bitbucket 6.9.X, 7.4.X, 7.5.X, 7.6.X h3. Steps to Reproduce In Bitbucket navigate to Gear Icon User Directories;...

2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/10 8:16 a.m.10 views

woodstockfarmersmarket.com Improper Access Control vulnerability OBB-1320079

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/08/19 2:3 p.m.13 views

nurse-senka.jp Cross Site Scripting vulnerability OBB-1265805

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/07/27 12:29 p.m.15 views

doc.cgal.org Improper Access Control vulnerability OBB-1240092

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/26 8:53 a.m.10 views

biopp.univ-montp2.fr Improper Access Control vulnerability OBB-1207208

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/12 10:55 a.m.8 views

wasteconcern.com Cross Site Scripting vulnerability OBB-1194147

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/11 11:53 p.m.7 views

industrialworld.com Improper Access Control vulnerability OBB-1193318

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/10 11:16 a.m.12 views

hakanpettersson.se Cross Site Scripting vulnerability OBB-1191333

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/05/04 5:20 p.m.8 views

comune.miglianico.ch.it Cross Site Scripting vulnerability OBB-1155990

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/03/30 8:21 p.m.9 views

omanairports.co.om Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1129275 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2019/12/16 5:3 p.m.7 views

proakademija.si Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1040636 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

6.2AI score
Exploits0
Rows per page
Query Builder