Lucene search
+L

169 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.7 views

CVE-2023-26813

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do...

9.8CVSS8.4AI score0.00966EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.3 views

SourceCodester Stock Management System 安全漏洞

SourceCodester Stock Management System is an open source inventory management system from SourceCodester. A security vulnerability exists in SourceCodester Stock Management System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...

8.8CVSS6.9AI score0.0042EPSS
Exploits1References6
Patchstack
Patchstack
added 2025/03/04 10:18 p.m.6 views

WordPress Recently Purchased Products For Woo plugin <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via view Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Recently Purchased Products For Woo versions = 1.1.3...

6.4CVSS5.7AI score0.00289EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/01/17 5:15 p.m.5 views

CVE-2024-26157

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...

5.3CVSS5.3AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.5 views

ETIC Telecom Remote Access Server 跨站脚本漏洞

ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...

6.1CVSS5.7AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2024/10/24 6:15 p.m.3 views

CVE-2024-10338

A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injection. The attack can be launched remotely. Th...

7.2CVSS5.8AI score0.00441EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.7 views

i-doit 跨站脚本漏洞

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...

6.1CVSS6.1AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2024/08/26 8:15 p.m.4 views

CVE-2024-44797

A cross-site scripting XSS vulnerability in the component /managers/enablerequests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...

6.1CVSS5.9AI score0.00311EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.6 views

Gazelle 安全漏洞

Gazelle is a web framework for private BitTorrent trackers from the individual developers at WhatCD. Gazelle has a security vulnerability that stems from a cross-site scripting vulnerability in the view parameter of the /managers/enablerequests.php file...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2024/08/06 1:15 p.m.4 views

CVE-2024-33993

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...

6.1CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 1:15 p.m.5 views

CVE-2024-33994

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'...

6.1CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 1:15 p.m.5 views

CVE-2024-33992

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'...

6.1CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 1:15 p.m.6 views

CVE-2024-33991

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'...

6.1CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 1:15 p.m.25 views

CVE-2024-33991

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'...

7.1CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 1:15 p.m.23 views

CVE-2024-33986

Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in...

7.1CVSS0.00308EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 1:15 p.m.3 views

CVE-2024-33986

Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in...

6.1CVSS5.8AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 1:15 p.m.4 views

CVE-2024-33985

Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php...

6.1CVSS5.8AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2024/08/06 1:9 p.m.39 views

CVE-2024-33994

The CVE-2024-33994 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System version 1.0. The issue is triggered by crafting a URL that targets the view parameter in /event/index.php, enabling an attacker to obtain a victim’s session details. The NVD entry lists the a...

7.1CVSS5.7AI score0.00253EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/06 1:9 p.m.14 views

CVE-2024-33993 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...

7.1CVSS5.7AI score0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/06 1:9 p.m.29 views

CVE-2024-33993 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System

Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...

7.1CVSS0.00253EPSS
Exploits0References1
Rows per page
Query Builder