Lucene search
+L

93 matches found

osv
osv
added 2024/05/08 2:15 p.m.5 views

CVE-2024-4651

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentattendancehistory1.php. The manipulation of the argument year leads to cross site scripting. The...

6.1CVSS4AI score0.00481EPSS
Exploits1References4
cnnvd
cnnvd
added 2024/05/08 12:0 a.m.4 views

Complete Web-Based School Management System 跨站脚本漏洞

Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the year...

6.1CVSS4.5AI score0.00481EPSS
Exploits1References5
osv
osv
added 2024/05/06 5:15 a.m.3 views

CVE-2024-4523

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacherattendancehistory1.php. The manipulation of the argument year leads to cross site...

6.1CVSS4AI score0.00608EPSS
Exploits1References4
cnnvd
cnnvd
added 2024/05/06 12:0 a.m.4 views

Campcodes Complete Web-Based School Management System 跨站脚本漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the...

6.1CVSS4.5AI score0.00608EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/05/06 12:0 a.m.6 views

PT-2024-31488 · Campcodes · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problematic issue has been found in the system, affecting some unknown functionality of the file /view/teacher attendance history1.php. The manipulation of the...

6.1CVSS4.3AI score0.00608EPSS
Exploits1References9
cnnvd
cnnvd
added 2024/04/25 12:0 a.m.5 views

Tenda 4G300 安全漏洞

The Tenda 4G300 is a portable wireless router aimed at users who need mobile Internet access scenarios. The Tenda 4G300 suffers from a buffer overflow vulnerability that stems from incorrect manipulation of the parameters year/month/day/hour/minute/second, for which no detailed vulnerability...

9CVSS7.4AI score0.01755EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2024/04/05 12:0 a.m.4 views

PT-2024-6872 · Za Internet · Za-Internet C-Mor Video Surveillance

Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01 Description: An issue was discovered due to insufficient input validation, making the C-MOR web interface vulnerable to OS command injection attacks. The vulnerability can ...

9CVSS7.8AI score0.02612EPSS
Exploits2References11
susecve
susecve
added 2023/02/15 6:14 a.m.4 views

SUSE CVE-2006-3682

awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the 1 year, 2 pluginmode or 3 month parameters...

5CVSS7AI score0.09545EPSS
Exploits1References3
attackerkb
attackerkb
added 2022/04/21 8:15 p.m.3 views

CVE-2022-28025

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=schoolyear...

9.8CVSS7.3AI score0.01405EPSS
Exploits1References2
cnnvd
cnnvd
added 2021/04/05 12:0 a.m.6 views

Knowage SQL注入漏洞

Knowage is a suite of open source tools for modern business analytics. A SQL injection vulnerability exists in the documentexecution/url analysis driver component of Knowage prior to version 7.4 when running reports. An attacker can exploit this vulnerability to execute arbitrary SQL commands on ...

8.8CVSS6.3AI score0.01602EPSS
Exploits1References2
cnnvd
cnnvd
added 2021/03/01 12:0 a.m.5 views

EPrints 安全漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...

9.8CVSS6AI score0.03057EPSS
Exploits1References3
cnnvd
cnnvd
added 2021/03/01 12:0 a.m.5 views

EPrints 跨站脚本漏洞

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the year parameter of the cgi/cal URI in EPrints 3.4.2. No detailed vulnerability details are provided at this time...

6.1CVSS5.1AI score0.07326EPSS
Exploits1References3
osv
osv
added 2019/09/17 3:15 p.m.2 views

CVE-2016-10992

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports fromyear parameter...

6.1CVSS5.8AI score0.01623EPSS
Exploits1References3
cnvd
cnvd
added 2017/06/07 12:0 a.m.4 views

WordPress Spiffy Calendar Plugin Cross-Site Scripting Vulnerability

WordPress is a suite of blogging platforms developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers running PHP and MySQL.Spiffy Calendar plugin is a plugin for managing and displaying user event and appointment information. A...

6.1CVSS6.2AI score0.01323EPSS
Exploits0References1
osv
osv
added 2017/06/05 7:29 p.m.4 views

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

6.1CVSS5.7AI score0.01323EPSS
Exploits0References3
osv
osv
added 2017/05/05 6:29 p.m.4 views

CVE-2017-8789

An issue was discovered on Accellion FTA devices before FTA912180. A reporterror.php?year='payload SQL injection vector exists...

9.8CVSS5.8AI score0.01161EPSS
Exploits1References1
cnvd
cnvd
added 2016/11/01 12:0 a.m.2 views

Command Execution Vulnerability in Call Center System Year Parameter of Tibus Communications

The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A command execution vulnerability exists in the year parameter of the Setset Time Communication Call Center System. The vulnerability file: /sysmaint/settime.php allows...

7.7AI score
Exploits0References1
seebug
seebug
added 2014/04/17 12:0 a.m.36 views

Jigowatt PHP Event Calendar "year" SQL注入漏洞

Jigowatt PHP Event Calendar是一款日历WEB应用程序。 Jigowatt PHP Event Calendar calendar/dayview.php不正确过滤"year"参数数据,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 Jigowatt PHP Event Calendar 2.x 目前没有详细解决方案: http://codecanyon.net/item/php-event-calendar/47723...

7.1AI score
Exploits0
ptsecurity
ptsecurity
added 2014/01/26 12:0 a.m.6 views

PT-2014-4252 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions 7.14 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the year parameter to the "eventcalander/" endpoint. This issue has been disputed by the Drupal Security Tea...

4.3CVSS5.8AI score0.01332EPSS
Exploits2References6
prion
prion
added 2010/03/23 1:0 a.m.23 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 year and 2 mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

4.3CVSS5.9AI score0.01204EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder