Lucene search
K

59 matches found

Vulnrichment
Vulnrichment
added 2025/12/04 6:2 p.m.6 views

CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

4.8CVSS5.2AI score0.00239EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/04 6:2 p.m.30 views

CVE-2025-14013 JIZHICMS Comment addcomment.html cross site scripting

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

4.8CVSS0.00239EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/12/04 5:32 p.m.2 views

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

7.2CVSS5.4AI score0.00334EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.9 views

PT-2025-49106

A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. Th...

4.8CVSS5.5AI score0.00239EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.6 views

JIZHICMS 代码注入漏洞

JIZHICMS Jizhi CMS is a set of open source content management system CMS of China Jizhi JIZHI company. A code injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter body in the file /index.php/admins/Comment/addcomment.html,...

4.8CVSS4.1AI score0.00239EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.7 views

JIZHICMS SQL注入漏洞

JIZHICMS Jizhi CMS is an open source content management system CMS from China Jizhi JIZHI. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter aid/tid in the file /index.php/admins/Comment/addcomment.html, which may...

7.2CVSS5.5AI score0.00334EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-17142

Malware in sbrugna...

6.1CVSS6.2AI score0.02186EPSS
Exploits5References4
OSV
OSV
added 2024/07/11 1:1 a.m.4 views

MAL-2024-7500 Malicious code in sap-addcomment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8df2eaaea1ef6b7bc78fa9ed808cd5b2150abf1c7f9dd98694505388e77b589 The OpenSSF Package Analysis project identified 'sap-addcomment' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/11 1:1 a.m.3 views

Malicious code in sap-addcomment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b8df2eaaea1ef6b7bc78fa9ed808cd5b2150abf1c7f9dd98694505388e77b589 The OpenSSF Package Analysis project identified 'sap-addcomment' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSV
OSV
added 2024/05/30 5:15 a.m.3 views

CVE-2024-3943

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via...

4.3CVSS5.6AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.6 views

PT-2024-5069 · WordPress · Wp To Do

Name of the Vulnerable Software and Affected Versions: WP To Do plugin versions up to, and including, 1.3.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability due to missing or incorrect nonce validation on the wptodo addcomment function. This allows...

5CVSS6.8AI score0.00224EPSS
Exploits0References8
OSV
OSV
added 2023/09/01 8:15 p.m.4 views

CVE-2023-4713

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS5.6AI score0.00702EPSS
Exploits1References3
NVD
NVD
added 2023/09/01 8:15 p.m.21 views

CVE-2023-4713

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS6.7AI score0.00702EPSS
Exploits1References3
Prion
Prion
added 2023/09/01 8:15 p.m.16 views

Sql injection

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.2CVSS8.8AI score0.00702EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/09/01 8:0 p.m.24 views

CVE-2023-4713 IBOS OA addcomment addComment sql injection

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.5CVSS9.1AI score0.00702EPSS
Exploits1References3
CVE
CVE
added 2023/09/01 8:0 p.m.42 views

CVE-2023-4713

The CVE-2023-4713 entry concerns IBOS OA 4.5.5 where the addComment function at ?r=weibo/comment/addcomment is vulnerable to SQL injection via the touid parameter. The vulnerability is described as critical, with potential high impact on confidentiality, integrity, and availability. The root caus...

8.8CVSS6.7AI score0.00702EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/01 8:0 p.m.16 views

CVE-2023-4713 IBOS OA addcomment addComment sql injection

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The...

5.5CVSS7.2AI score0.00702EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/01 12:0 a.m.5 views

IBOS SQL Injection Vulnerability

IBOS is a collaborative office management system. An SQL injection vulnerability exists in IBOS OA version 4.5.5, which stems from the fact that incorrect manipulation of the touid in the addComment function of ?r=weibo/comment/addcomment can lead to SQL injection...

8.8CVSS7.9AI score0.00702EPSS
Exploits1References4
OSV
OSV
added 2023/06/20 3:15 p.m.5 views

CVE-2020-21052

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function...

6.1CVSS6.1AI score0.00553EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.5 views

ZrLog 跨站脚本漏洞

ZrLog is a blogging system developed using the Java language. A cross-site scripting XSS vulnerability exists in ZrLog version 2.1.3. An attacker can exploit this vulnerability to execute arbitrary code via the nickname parameter of the /post/addComment function...

6.1CVSS6.4AI score0.00553EPSS
Exploits1References2
Rows per page
Query Builder