Lucene search
K

328 matches found

CVE
CVE
added 2025/08/22 12:0 a.m.22 views

CVE-2025-50858

The CVE-2025-50858 vulnerability affects Easy Hosting Control Panel (EHCP) version 20.04.1.b, where the List MySQL Databases function is vulnerable to Reflected Cross-Site Scripting via the action parameter. The root cause is a reflected XSS flaw that allows an authenticated user to inject JavaSc...

6.1CVSS6.8AI score0.00224EPSS
Exploits3References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.6 views

PT-2025-34485 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The List MySQL Databases function in Easy Hosting Control Panel EHCP is susceptible to a reflected cross-site scripting issue. Authenticated attackers can potentially execute...

6.1CVSS7.2AI score0.00224EPSS
Exploits3References6
CNNVD
CNNVD
added 2025/07/12 12:0 a.m.5 views

Code-Projects Modern Bag 注入漏洞

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter proId in file /action.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL comman...

9.8CVSS8.2AI score0.00399EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:13 a.m.4 views

CVE-2024-5589

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /admin/configMT.php?action=delete. The manipulation of the argument Mid leads to sql injection. It is possible to initiate the attack...

9.8CVSS7.6AI score0.00539EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.5 views

CVE-2024-9653

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.6AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.11 views

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

8CVSS8.1AI score0.01977EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:7 a.m.8 views

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...

8CVSS8.1AI score0.01594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:21 a.m.8 views

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

8CVSS8.1AI score0.01594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:21 a.m.16 views

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

8CVSS8.1AI score0.01291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:14 a.m.9 views

CVE-2023-40751

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting XSS via the "action" parameter of index.php...

6.1CVSS6AI score0.01044EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.9 views

CVE-2023-36315

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0...

6.1CVSS6AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:41 a.m.5 views

CVE-2022-32391

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/viewaction.php:4...

8.8CVSS8.3AI score0.01199EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:14 p.m.7 views

CVE-2022-37044

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...

6.1CVSS6.5AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:41 p.m.6 views

CVE-2022-28607

An issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/modusers/controller.php...

7.5CVSS6.7AI score0.00775EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:37 p.m.6 views

CVE-2021-35059

OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter...

6.1CVSS5.9AI score0.00568EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:59 a.m.5 views

CVE-2017-6511

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php...

6.1CVSS6AI score0.00732EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/21 9:1 p.m.6 views

CVE-2005-2318

Cross-site scripting XSS vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter...

4.3CVSS5.9AI score0.01394EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/10 12:0 a.m.3 views

Inetum IODAS 代码注入漏洞

Inetum IODAS is an enterprise-grade data archiving and storage management platform from Inetum France that supports hybrid cloud data lifecycle management. A code injection vulnerability exists in Inetum IODAS versions 7.2-LTS.4.1-JDK7 and 7.2-RC3.2-JDK7, which stems from cross-site scripting due...

5.3CVSS4.9AI score0.00358EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2025/04/16 12:0 a.m.373 views

📄 phpMyFAQ 3.1.7 Cross Site Scripting

phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...

9.8CVSS7.5AI score0.04381EPSS
Exploits2
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.437 views

phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)

Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Version: 3.1.7 Tested on: Ubuntu Windows CVE : CVE-2022-4407 PoC: Get:...

9.8CVSS7.4AI score0.04381EPSS
Exploits2
Rows per page
Query Builder