33 matches found
PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. id: CVE-2023-40750 info: name: PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
EUVD-2023-42603
Malicious code in bioql PyPI...
EUVD-2023-45303
Malicious code in bioql PyPI...
EUVD-2023-45314
Malicious code in bioql PyPI...
CVE-2023-40750
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0...
CVE-2023-38830
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
CVE-2023-40750
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0...
CVE-2023-40750
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0...
CVE-2023-40750
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0...
Cross site scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0...
Design/Logic Flaw
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...
Yacht Listing Script 跨站脚本漏洞
Yacht Listing Script is yacht and boat categorization software. A security vulnerability exists in PHPJabbers Yacht Listing Script v1.0, which is caused by a cross-site scripting vulnerability in the "action" parameter of the index.php file...
Yacht Listing Script 安全漏洞
Yacht Listing Script is yacht and boat categorization software. A security vulnerability exists in PHPJabbers Yacht Listing Script version v2.0, which stems from a user enumeration vulnerability during password reset...
CVE-2023-40750
CVE-2023-40750 concerns PHPJabbers Yacht Listing Script v1.0, where a Cross-Site Scripting (XSS) flaw exists in the action parameter of index.php. The connected sources describe an unauthenticated input that can inject JavaScript through this parameter, enabling manipulation of yacht listings and...
CVE-2023-40761
CVE-2023-40761 affects PHPJabbers Yacht Listing Script v2.0, where a password-recovery message difference allows user enumeration. An attacker could determine if a username exists, enabling brute-force attempts with valid users. The issue is documented across multiple sources (e.g., Red Hat, NVD/...
CVE-2023-40761
User enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...