Lucene search
K

59 matches found

Prion
Prion
added 2018/01/24 10:29 a.m.16 views

Cross site request forgery (csrf)

Cross Site Request Forgery CSRF exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password...

6.8CVSS8.8AI score0.02168EPSS
Exploits5References1Affected Software1
Openbugbounty
Openbugbounty
added 2017/08/05 8:39 p.m.14 views

info-congres.com XSS vulnerability

Vulnerable URL: http://www.info-congres.com/account.php Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 05.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...

6.2AI score
Exploits0
Prion
Prion
added 2015/01/05 8:59 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in CMS Papoo Light 6.0.0 Rev 4701 allow remote attackers to inject arbitrary web script or HTML via the 1 author field to guestbook.php or 2 username field to account.php...

4.3CVSS6.1AI score0.03501EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2015/01/05 8:0 p.m.30 views

CVE-2014-9522

Multiple cross-site scripting XSS vulnerabilities in CMS Papoo Light 6.0.0 Rev 4701 allow remote attackers to inject arbitrary web script or HTML via the 1 author field to guestbook.php or 2 username field to account.php...

5.8AI score0.03501EPSS
Exploits1References6
NVD
NVD
added 2014/07/09 2:55 p.m.15 views

CVE-2014-4744

Multiple cross-site scripting XSS vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Phone Number field to open.php or 2 Phone number field, 3 passwd1 field, 4 passwd2 field, or 5 do parameter to account.php...

4.3CVSS5.8AI score0.0193EPSS
Exploits1References4
Prion
Prion
added 2014/07/09 2:55 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Phone Number field to open.php or 2 Phone number field, 3 passwd1 field, 4 passwd2 field, or 5 do parameter to account.php...

4.3CVSS6AI score0.0193EPSS
Exploits1References4Affected Software1
0day.today
0day.today
added 2012/03/25 12:0 a.m.21 views

PHP Form & Survey Creator CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP Form & Survey Creator CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/php-form-survey-creator/29396/ Category:: webapps Demo : http://web.alumnionline.org/phpScripts/PHPFormCreator/admin/...

7.1AI score
Exploits0
NVD
NVD
added 2010/03/10 10:30 p.m.17 views

CVE-2009-4686

Cross-site scripting XSS vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the redurl parameter...

4.3CVSS5.7AI score0.0151EPSS
Exploits1References4
CVE
CVE
added 2010/03/10 10:0 p.m.42 views

CVE-2009-4686

The CVE-2009-4686 entry describes a Cross-site scripting (XSS) vulnerability in the phplemon AdQuick 2.2.1 software, specifically in account.php where the red_url parameter can be exploited to inject arbitrary web script or HTML. Affected component: account.php. Root cause: insufficient input val...

4.3CVSS5.9AI score0.0151EPSS
Exploits1References4Affected Software1
exploitpack
exploitpack
added 2009/07/20 12:0 a.m.13 views

AdQuick - account.php Cross-Site Scripting

AdQuick - account.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43477/info AdQuick is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2009/07/20 12:0 a.m.24 views

AdQuick - 'account.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43477/info AdQuick is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score
Exploits0
Prion
Prion
added 2009/03/04 5:30 p.m.11 views

Cross site scripting

Cross-site scripting XSS vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information...

4.3CVSS6.2AI score0.01453EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2009/03/04 5:0 p.m.22 views

CVE-2008-6396

Cross-site scripting XSS vulnerability in account.php in Celerondude Uploader 6.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtained from third party information...

5.7AI score0.01453EPSS
Exploits1References4
exploitpack
exploitpack
added 2008/09/03 12:0 a.m.12 views

CeleronDude Uploader 6.1 - account.php Cross-Site Scripting

CeleronDude Uploader 6.1 - account.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31010/info Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

6.8AI score
Exploits0
NVD
NVD
added 2008/08/29 5:41 p.m.10 views

CVE-2008-3874

Cross-site scripting XSS vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field aka Label == Value pairs. NOTE: some of these details are obtained from third party information...

3.5CVSS5.3AI score0.01053EPSS
Exploits1References7
CVE
CVE
added 2008/08/29 5:0 p.m.35 views

CVE-2008-3874

CVE-2008-3874 describes a cross-site scripting (XSS) vulnerability in the Vanilla forum software. Affected product/version: Vanilla 1.1.5-rc1, 1.1.4, and earlier; vulnerable component: the file account.php . The underlying issue is an XSS flaw that allows remote authenticated users to inject arbi...

3.5CVSS5.3AI score0.01053EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2008/08/22 4:41 p.m.11 views

Directory traversal

Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via a .. dot dot in the language parameter to 1 includes/eventsapplicationtop.php; 2 english/account.php, 3 french/account.php, a...

6.8CVSS7.5AI score0.02387EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2008/08/21 5:0 p.m.18 views

CVE-2008-3758

Multiple cross-site scripting XSS vulnerabilities in Lussumo Vanilla 1.1.4 and earlier 1 allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the 2 Account picture...

5.5AI score0.02185EPSS
Exploits1References9
CVE
CVE
added 2007/09/24 10:0 p.m.48 views

CVE-2007-5062

The CVE-2007-5062 entry relates to the Flip 3.0 (and earlier) web application by Adam Scheinberg, where the vulnerable component is account.php. The underlying issue allows remote attackers to create administrative accounts via the un parameter in a register action, enabling privilege escalation ...

7.5CVSS6.7AI score0.02335EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder