Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
šŸ”„ Daily Hot!
šŸ’ŖšŸ½ CPE Enhanced Advisories
šŸ•¶ Shadow Exploits
šŸ•µšŸ¼ Vulners CPE
šŸ” Security news
šŸ’» Exploit updates
šŸ“‘ Blogs review
šŸ§ Linux vulnerabilities
šŸž Bugbounty
šŸ¤– AI High Score
šŸ“° CVE Feed
show all

376 matches found

NVD
NVDā€¢added 2020/07/14 3:15 p.m.ā€¢11 views

CVE-2020-15721

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php...

6.1CVSS0.00432EPSS
Exploits0References3
OSV
OSVā€¢added 2020/07/14 3:15 p.m.ā€¢10 views

CVE-2020-15721

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php...

6.1CVSS6.2AI score
Exploits0References3
Prion
Prionā€¢added 2020/07/14 3:15 p.m.ā€¢11 views

Design/Logic Flaw

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php...

4.3CVSS6AI score0.00432EPSS
Exploits0References3Affected Software1
CVE
CVEā€¢added 2020/07/14 2:26 p.m.ā€¢51 views

CVE-2020-15721

CVE-2020-15721 affects RosarioSIS up to 6.8-beta. A cross-site scripting (XSS) issue is caused by the href attributes in modules/Custom/NotifyParents.php affecting AddStudents.php and User.php. The connected documents do not provide a patch version, workaround, or explicit exploitation details. N...

6.1CVSS6AI score0.00432EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistā€¢added 2020/07/14 2:26 p.m.ā€¢17 views

CVE-2020-15721

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php...

6.1AI score0.00432EPSS
Exploits0References3
NVD
NVDā€¢added 2020/06/04 3:15 p.m.ā€¢8 views

CVE-2020-13827

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php...

6.1CVSS6.1AI score0.0024EPSS
Exploits1References2
Prion
Prionā€¢added 2020/06/04 3:15 p.m.ā€¢7 views

Design/Logic Flaw

phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/admin/users.php...

4.3CVSS6AI score0.0024EPSS
Exploits1References2Affected Software1
NVD
NVDā€¢added 2020/03/12 2:15 p.m.ā€¢13 views

CVE-2020-10410

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-user.php by adding a question mark ? followed by the payload...

4.8CVSS5AI score0.00321EPSS
Exploits1References2
Prion
Prionā€¢added 2020/03/12 2:15 p.m.ā€¢13 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/report-user.php by adding a question mark ? followed by the payload...

3.5CVSS4.9AI score0.00321EPSS
Exploits1References2Affected Software1
Prion
Prionā€¢added 2020/03/12 2:15 p.m.ā€¢13 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-user.php by adding a question mark ? followed by the payload...

3.5CVSS4.9AI score0.00321EPSS
Exploits1References2Affected Software1
CVE
CVEā€¢added 2020/03/12 1:5 p.m.ā€¢39 views

CVE-2020-10451

CVE-2020-10451 affects Chadha PHPKB Standard Multiā€‘Language 9. The issue is in URI handling in admin/header.php, enabling Reflected XSS in admin/report-user.php when a ? payload is appended; documentation also notes similar URI handling XSS patterns in related Red Hat advisories (e.g., add-articl...

4.8CVSS4.9AI score0.00321EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistā€¢added 2020/03/12 1:4 p.m.ā€¢14 views

CVE-2020-10410

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/edit-user.php by adding a question mark ? followed by the payload...

5AI score0.00321EPSS
Exploits1References2
Cvelist
Cvelistā€¢added 2020/03/12 1:3 p.m.ā€¢23 views

CVE-2020-10399

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/add-user.php by adding a question mark ? followed by the payload...

5AI score0.00321EPSS
Exploits1References2
CVE
CVEā€¢added 2019/10/28 1:55 p.m.ā€¢42 views

CVE-2019-18195

TerraMaster FS-210 (firmware 4.0.19) contains an elevation-of-privilege flaw where normal users can leverage 1.user.php to gain higher privileges. Documented impact is network-accessible via the vulnerability with high severity (CVSS 3.1 base score 8.8, HIGH). Root cause details are not elaborate...

8.8CVSS8.7AI score0.00387EPSS
Exploits1References1Affected Software1
NVD
NVDā€¢added 2019/10/24 5:15 p.m.ā€¢12 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6AI score0.008EPSS
Exploits6References6
Prion
Prionā€¢added 2019/10/24 5:15 p.m.ā€¢17 views

Hardcoded credentials

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

4.3CVSS6.2AI score0.008EPSS
Exploits6References6Affected Software1
UbuntuCve
UbuntuCveā€¢added 2019/10/24 5:15 p.m.ā€¢21 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6.8AI score0.008EPSS
Exploits6References6
CVE
CVEā€¢added 2019/10/24 4:49 p.m.ā€¢125 views

CVE-2019-12094

CVE-2019-12094 affects Horde Groupware Webmail Edition through 5.2.22. The vulnerability allows XSS via crafted URIs such as admin/user.php?form=update_f&user_name=, admin/user.php?form=remove_f&user_name=, or admin/config/diff.php?app=, as documented in the CVE entry and OSV/NVD references. The ...

6.1CVSS6.8AI score0.008EPSS
Exploits6References6Affected Software1
Cvelist
Cvelistā€¢added 2019/10/24 4:49 p.m.ā€¢18 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

7AI score0.008EPSS
Exploits6References6
NVD
NVDā€¢added 2019/03/27 5:29 p.m.ā€¢8 views

CVE-2017-18364

phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter...

7.4CVSS7.2AI score0.00407EPSS
Exploits2References3
Rows per page
Query Builder