
16 matches found

Cvelist
added 2025/01/16 12:0 a.m., 8 views

CVE-2024-57159

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html...

0.0007 EPSS
Exploits: 1, References: 1
NVD
added 2024/11/08 9:15 p.m., 14 views

CVE-2024-51157

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html...

4.7 CVSS, 0.00159 EPSS
Exploits: 1, References: 1
Cvelist
added 2023/08/11 12:0 a.m., 14 views

CVE-2020-23595

Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6 allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint...

9 AI score, 0.00363 EPSS
Exploits: 1, References: 1
CNVD
added 2021/09/24 12:0 a.m., 19 views

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-90910)

YzmCMS is a lightweight open source content management system based on a PHP and MySQL architecture, developed solely by Yuan Zhimeng. A cross-site scripting vulnerability exists in the /link/add.html component of YzmCMS version 5.3. An attacker can use this vulnerability to execute arbitrary Web scripts ...

4.8 CVSS, 2.1 AI score, 0.00321 EPSS
Exploits: 1, References: 1
OSV
added 2021/05/10 11:15 p.m., 13 views

CVE-2020-23373

Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter...

5.4 CVSS, 5.4 AI score
Exploits: 0, References: 1
CVE
added 2021/05/10 10:13 p.m., 61 views

CVE-2020-23373

CVE-2020-23373 affects NoneCMS v1.3.0, with an XSS in admin/nav/add.html. The underlying issue is that the name parameter can trigger injection of arbitrary script/HTML by remote authenticated attackers. Public details across CNVD/NVD OSV entries consistently describe the same vector and impact; ...

5.4 CVSS, 5 AI score, 0.00171 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/05/10 10:12 p.m., 17 views

CVE-2020-23376

NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/add.html, as demonstrated by adding a navigation column which can be injected with arbitrary web script or HTML via the name parameter to launch a stored XSS attack...

6 AI score, 0.00093 EPSS
Exploits: 1, References: 2
Prion
added 2019/04/22 3:29 p.m., 7 views

SQL injection

whatsns 4.0 allows index.php?inform/add.html qid SQL injection...

6.5 CVSS, 7.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2019/04/22 2:12 p.m., 37 views

CVE-2019-11451

CVE-2019-11451 affects the web app "whatsns 4.0". A SQL injection vulnerability exists in the parameterized endpoint: index.php?inform/add.html with the qid parameter. The root cause is unsanitized input leading to SQL injection, enabling an attacker to potentially read/modify data and affect ava...

7.2 CVSS, 7.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/04/22 2:12 p.m., 12 views

CVE-2019-11451

whatsns 4.0 allows index.php?inform/add.html qid SQL injection...

7.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1
CVE
added 2018/12/10 9:0 a.m., 47 views

CVE-2018-20015

YzmCMS 5.2 contains a CSRF vulnerability in admin/role/add.html. The CVE entry notes a CSRF weakness with a CVSSv3 base score of 8.8 (HIGH). Attack vector is NETWORK, with no privileges required, but user interaction is required, and impacts are HIGH for confidentiality, integrity, and availabili...

8.8 CVSS, 8.6 AI score, 0.00141 EPSS
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2018/11/09 9:29 p.m., 5 views

CVE-2018-19138

WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...

8.8 CVSS, 8.7 AI score, 0.00216 EPSS
Exploits: 5, References: 2
Prion
added 2018/11/09 9:29 p.m., 9 views

Cross-site request forgery (CSRF)

WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...

6.8 CVSS, 8.7 AI score, 0.00216 EPSS
Exploits: 5, References: 2, Affected Software: 1
Cvelist
added 2018/11/09 9:0 p.m., 11 views

CVE-2018-19138

WSTMart 2.0.7 has CSRF via the index.php/admin/staffs/add.html URI...

8.8 AI score, 0.00216 EPSS
Exploits: 5, References: 2
Prion
added 2018/10/15 4:29 a.m., 9 views

Cross-site request forgery (CSRF)

DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI...

6.8 CVSS, 8.7 AI score, 0.00138 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2018/09/04 4:0 a.m., 35 views

CVE-2018-16449

CVE-2018-16449 affects OneThink 1.1.141212, enabling cross-site request forgery (CSRF) to perform admin actions: adding a page (admin.php?s=/Channel/add.html), adding a blog (admin.php?s=/Article/update.html), and changing audit state (admin.php?s=/Article/setStatus/status/1.html). The connected ...

6.5 CVSS, 6.5 AI score, 0.00161 EPSS
Exploits: 1, References: 1, Affected Software: 1