Lucene search
K

11 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-42009

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS6.3AI score0.00745EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.9 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 8:58 p.m.9 views

CVE-2026-44418 Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.71 views

📄 Pachno 1.0.6 Cross Site Scripting

Pachno version 1.0.6 suffers from persistent cross site scripting vulnerabilities. Pachno 1.0.6 Stored Cross-Site Scripting Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly...

5.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.1 views

CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS5.9AI score0.00356EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 5:16 p.m.7 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS0.00541EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2026/02/04 12:0 a.m.122 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

7.2CVSS6.3AI score0.00454EPSS
Exploits1
OSV
OSV
added 2022/02/21 11:15 a.m.2 views

CVE-2021-25101

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.94 does not sanitise and escape the POST data before outputting it back in attributes of an admin page, leading to a Reflected Cross-Site scripting. Due to the presence of specific parameter value, available to admin...

4.8CVSS5.5AI score
Exploits0References1
OSV
OSV
added 2021/05/24 11:15 a.m.2 views

CVE-2021-24294

The dsgvoaiowritelog AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticate...

6.1CVSS5.8AI score
Exploits0References1
Exploit DB
Exploit DB
added 2003/12/01 12:0 a.m.29 views

Jason Maloney's Guestbook 3.0 - Remote Command Execution

// source: https://www.securityfocus.com/bid/9139/info A vulnerability has been reported in Jason Maloney's Guestbook that could result in remote command execution with the privileges of the web server. The problem occurs due to the application failing to sanitize sensitive script variables after...

7.4AI score
Exploits0
Rows per page
Query Builder