Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 3:30 a.m.3 views

CVE-2025-59542 Chamilo: Account Takeover via Stored XSS in Course Learning Paths

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...

9CVSS5.9AI score0.00299EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.8 views

CVE-2024-49397

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker to bypass authentication and takeover admin accounts...

9.2CVSS6.4AI score0.00366EPSS
Exploits0
Cvelist
Cvelist
added 2023/07/31 12:0 a.m.22 views

CVE-2023-33534

A Cross-Site Request Forgery CSRF in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goformsetcmdprocess...

8.8AI score0.00319EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/08/30 11:48 p.m.39 views

Stripe: Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/

@mrasg discovered an improper access control issue in TaxJar. This could have allowed for account takeover using the email change functionality. The vulnerability was caused by not correctly validating whether or not the reset password token was connected to the user being reset and was resolved ...

6.9AI score
Exploits0
ICS
ICS
added 2022/05/05 12:0 a.m.44 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Unverified Password Change 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user...

8.8CVSS8.5AI score0.00892EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2020/04/27 8:34 a.m.4 views

How An Image Could've Let Attackers Hack Microsoft Teams Accounts

Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image. The flaw,...

5.8AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover

No description provided by source. Exploit Title : iScripts MultiCart = 2.4 Persistent XSS / CSRF / XSS+CSRF Account takeover Date : 2013/12/14 Exploit Author : Saadat Ullah ? saadilinuxatrocketmaildotcom Software Link : http://www.iscripts.com Author HomePage: http://security-geeks.blogspot.com...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/01/14 12:0 a.m.33 views

iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover

Exploit for php platform in category web applications Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery form nam...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2013/12/16 12:0 a.m.19 views

iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover

iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery body...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2013/12/16 12:0 a.m.41 views

iScripts MultiCart 2.4 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Cross-Site Scripting / Cross-Site Request Forgery / Mass Accounts Takeover

Exploit Title : iScripts MultiCart same product id for which you submited the review. Cross-site request forgery input type=hidden size=30 maxl...

7.4AI score
Exploits0
Rows per page
Query Builder