Lucene search
+L

78 matches found

NVD
NVD
added 2023/01/02 4:15 p.m.35 views

CVE-2023-22451

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

8.8CVSS7.2AI score0.00681EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/02 3:56 p.m.9 views

CVE-2023-22451 Weak password requirements in Kiwi TCMS

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

6.5CVSS7.3AI score0.00681EPSS
Exploits0References3
OSV
OSV
added 2023/01/02 3:56 p.m.23 views

CVE-2023-22451 Weak password requirements in Kiwi TCMS

Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...

6.5CVSS8.7AI score0.00681EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.7 views

PT-2022-26422 · WordPress · Wp Google Review Slider

Name of the Vulnerable Software and Affected Versions: WP Google Review Slider WordPress plugin versions prior to 11.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.8CVSS4.5AI score0.00532EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/11/14 8:56 a.m.4 views

Low: Red Hat Bug Fix Advisory: redhat-ds:11 bug fix and enhancement update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP server, as well as command-line utilities and Web UI...

6.5CVSS6.8AI score0.01531EPSS
Exploits2References8
OpenVAS
OpenVAS
added 2022/09/22 12:0 a.m.10 views

WordPress Yoast SEO Plugin 1.2.0 < 11.6 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

9.9CVSS7AI score0.03304EPSS
Exploits0References1
EUVD
EUVD
added 2022/08/22 6:27 p.m.3 views

EUVD-2022-35838

A cross-site scripting xss vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger...

9.6CVSS6.5AI score0.0303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-21447 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: An information disclosure issue exists in the aVideoEncoderReceiveImage functionality. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger th...

6.5CVSS6.5AI score0.02411EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.6 views

PT-2022-22271 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 11.6 WWBN AVideo dev master commit 3f7c0364 Description: A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the...

8.8CVSS8.3AI score0.00912EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-20200 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A privilege escalation issue exists in the session id functionality. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP...

8.8CVSS8.6AI score0.04125EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-20234 · Wwbn · Wwbn Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A cross-site scripting issue exists in the image403 functionality. This allows an attacker to execute arbitrary Javascript code through a specially-crafted HTTP request. An attacker can exploit this by...

9.6CVSS7.6AI score0.83583EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-21710 · Unknown +1 · Wwbn Avideo +1

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 Description: A SQL injection issue exists in the ObjectYPT functionality, specifically within the Live Schedules plugin. This allows an attacker to inject SQL by manipulating the title parameter in a specially-crafte...

8.8CVSS8.5AI score0.00973EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.5 views

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A SQL injection vulnerability exists in WWBN AVideo version 11.6. An attacker exploits this vulnerability to cause SQL injection via a specially crafted HTTP request...

8.8CVSS8AI score0.00912EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.4 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from an information disclosure vulnerability in the chunkFile function. An attacker can exploit this vulnerability to cause an arbitrary file to be rea...

6.5CVSS7.1AI score0.02296EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-21452 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364 Description: A cross-site scripting xss vulnerability exists in the footer alerts functionality. This issue allows for arbitrary Javascript execution through a specially-crafted HTTP...

9.6CVSS7.2AI score0.03355EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.4 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A security vulnerability exists in WWBN AVideo version 11.6, which stems from a missing HttpOnly flag in the session cookie and pass cookie, which can disclose sensitive information...

7.5CVSS7.5AI score0.01983EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.5 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6. An attacker can exploit this vulnerability to execute arbitrary Javascript via a specially crafted HTTP request...

9.6CVSS7.7AI score0.03187EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.2 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 11.6, which stems from a specially crafted HTTP request that could lead to arbitrary Javascript execution...

9.6CVSS8.2AI score0.0293EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.4 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. An authorization issue vulnerability exists in WWBN AVideo version 11.6. An attacker could exploit this vulnerability to escalate privileges via a specially crafted HTTP request...

8.8CVSS8AI score0.04125EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.4 views

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform builder written in PHP by the WWBN team. WWBN AVideo version 11.6 suffers from a SQL injection vulnerability that stems from a sql injection vulnerability in the ObjectYPT function. An attacker can use this vulnerability to cause an sql injection via a specially...

8.8CVSS8AI score0.01636EPSS
Exploits0References4
Rows per page
Query Builder