Lucene search
+L

419 matches found

Positive Technologies
Positive Technologies
added 2025/08/11 12:0 a.m.7 views

PT-2025-32532 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP versions prior to 3.6 Description: A flaw exists in jshERP up to version 3.5 related to improper authorization. The issue affects unknown processing of the file /jshERP-boot/user/addUser within the Endpoint component. This manipulation...

6.5CVSS7.1AI score0.00328EPSS
Exploits1References9
Metasploit
Metasploit
added 2025/06/09 6:51 p.m.390 views

OS Command Exec, Add user with useradd

Execute an OS command from PHP. Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as jus...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:59 a.m.6 views

CVE-2023-1363

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the...

5.4CVSS6AI score0.00551EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.9 views

CVE-2023-0043

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.8 views

CVE-2023-3478

A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched...

7.2CVSS7.2AI score0.00757EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:56 p.m.13 views

CVE-2021-46558

Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...

5.4CVSS6.3AI score0.00562EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 p.m.8 views

CVE-2020-29204

XXL-JOB 2.2.0 allows Stored XSS in Add User to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java...

6.1CVSS5.9AI score0.00882EPSS
Exploits1
OSV
OSV
added 2025/05/21 6:15 p.m.6 views

CVE-2025-5033

A vulnerability classified as problematic was found in XiaoBingby TeaCMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/me/teacms/controller/admin/UserManageController/addUser. The manipulation leads to cross-site request forgery. The attack can be...

5.3CVSS4.8AI score0.00231EPSS
Exploits1References4
OSV
OSV
added 2025/05/18 6:15 p.m.6 views

CVE-2025-4889

A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to...

7.8CVSS5.9AI score0.00288EPSS
Exploits1References5
OSV
OSV
added 2025/05/11 9:15 p.m.7 views

CVE-2025-4547

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...

4.8CVSS3.5AI score0.00307EPSS
Exploits1References5
NVD
NVD
added 2025/05/11 9:15 p.m.32 views

CVE-2025-4547

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...

4.8CVSS0.00307EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/05/11 9:0 p.m.40 views

CVE-2025-4547 SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...

4.8CVSS0.00307EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/05/11 9:0 p.m.10 views

CVE-2025-4547 SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely...

4.8CVSS3.4AI score0.00307EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/05/11 12:0 a.m.7 views

SourceCodester Web-based Pharmacy Product Management System 代码注入漏洞

SourceCodester Web-based Pharmacy Product Management System is SourceCodester open source a Web-based pharmacy product management system . A code injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System due to cross-site scripting in the...

4.8CVSS4.2AI score0.00307EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/05/11 12:0 a.m.7 views

PT-2025-20669 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0 Description: A problem was found in the Add User Page component, which can be exploited to perform cross-site scripting attacks. This issue can be launched remotely, and...

4.8CVSS3.3AI score0.00307EPSS
Exploits1References11
OSV
OSV
added 2025/04/14 12:15 p.m.6 views

CVE-2024-10090

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to run in user's context. This vulnerability has been...

6.1CVSS5.7AI score0.0023EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/25 12:0 a.m.11 views

The vulnerability of the adm_add_user() function in the ssi service of TRENDnet TEW-821DAP allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the admadduser function in the ssi service of TRENDnet TEW-821DAP wireless access points is related to the escape of the operation outside the buffer in memory when processing the username parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code o...

8CVSS6.2AI score0.00498EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/02/01 4:15 a.m.3 views

CVE-2024-12171

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'ehcrmagentadduser' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for authenticated attackers, with...

8.8CVSS5.8AI score0.00483EPSS
Exploits0References3
OSV
OSV
added 2024/12/31 11:15 a.m.5 views

CVE-2024-13069

A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. Th...

5.4CVSS3.7AI score0.00425EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/12/31 12:0 a.m.7 views

SourceCodester Multi Role Login System 安全漏洞

SourceCodester Multi Role Login System is a SourceCodester open source multi-role login system. A security vulnerability exists in SourceCodester Multi Role Login System version 1.0, which originates from the parameter name in the file /endpoint/add-user.php that can lead to cross-site scripting...

5.4CVSS4.5AI score0.00425EPSS
Exploits1References5
Rows per page
Query Builder