Lucene search
K

169 matches found

CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

JAdmin 授权问题漏洞

JAdmin is JAdmin-JAVA open source a Java language based rapid development platform. JAdmin 1.0 version of the authorization problem vulnerability, the vulnerability stems from the file NoNeedLoginController.java in the Admin Backend component of the toLogin function has improper authentication...

9.8CVSS7.5AI score0.00629EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/05/09 12:0 a.m.6 views

PT-2025-20601 · Unknown · Jadmin-Java

Name of the Vulnerable Software and Affected Versions: JAdmin-JAVA JAdmin version 1.0 Description: A critical vulnerability was found in the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to...

7.5CVSS7.1AI score0.00629EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/02/05 2:42 p.m.7 views

CVE-2020-6249

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAPBSFND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection...

8.8CVSS7.5AI score0.00981EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/08 12:0 a.m.8 views

PT-2024-25956

Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 10.4.46 ELTS TYPO3 versions prior to 11.5.40 LTS TYPO3 versions prior to 12.4.21 LTS TYPO3 versions prior to 13.3.1 Description The issue allows for denial of service, causing an interface error in the Bookmark Toolbar,...

4.9CVSS5.4AI score0.00684EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/09/27 12:0 a.m.4 views

PT-2024-39536 · Unknown · Huankemao Scrm

Name of the Vulnerable Software and Affected Versions: HuankeMao SCRM versions up to 0.0.3 Description: A critical issue has been found in the Administrator Backend component, specifically in the function upload domain verification file of the file WxkConfig.php. The manipulation of the argument...

5.8CVSS7AI score0.00465EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.4 views

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internal email and collection settings REST API, which could be...

5.4CVSS6.9AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/03/26 4:15 p.m.3 views

CVE-2024-29809

The imageurl parameter of the AJAX call to the editimagebwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the imageurl parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

5.4CVSS5.8AI score0.00412EPSS
Exploits1References2
wpexploit
wpexploit
added 2024/02/29 12:0 a.m.660 views

LiteSpeed Cache < 5.7.0.1 - Unauthenticated Stored XSS

Description The plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nameservers' and 'msg' parameters due to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user...

8.3CVSS8.3AI score0.54872EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2024/02/13 12:0 a.m.17 views

TYPO3 8.0.0 < 8.7.57 ELTS / 9.0.0 < 9.5.46 ELTS / 10.0.0 < 10.4.43 ELTS / 11.0.0 < 11.5.35 / 12.0.0 < 12.4.11 / 13.0.1 (TYPO3-CORE-SA-2024-002)

The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.57 ELTS / 9.0.0 9.5.46 ELTS / 10.0.0 10.4.43 ELTS / 11.0.0 11.5.35 / 12.0.0 12.4.11 / 13.0.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2024-002 advisory. - Several settings in the Insta...

7.2CVSS7.1AI score0.02017EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-12448

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS7AI score0.01749EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/01/20 12:0 a.m.12 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (005dfb48-990d-11ed-b9d3-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 005dfb48-990d-11ed-b9d3-589cfc0f81b0 advisory. - phpmyfaq developers report: phpMyFAQ does not implement sufficient checks to avoid a stored XSS in Ad...

5.5AI score
Exploits0References10
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.12 views

Show All Comments < 7.0.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin. PoC Visit the following URL authenticated or not to trigger an alert box:...

6.1CVSS0.4AI score0.00897EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/12/13 12:0 a.m.10 views

FreeBSD : phpmyfaq -- multiple vulnerabilities (439f3f81-7a49-11ed-97ac-589cfc0f81b0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 439f3f81-7a49-11ed-97ac-589cfc0f81b0 advisory. - phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backen...

5.5AI score
Exploits0References12
FreeBSD
FreeBSD
added 2022/12/11 12:0 a.m.11 views

phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report: an authenticated SQL injection when adding categories in the admin backend a stored cross-site scripting vulnerability in the category name a stored cross-site scripting vulnerability in the admin logging a stored cross-site scripting vulnerability in the FAQ title a...

2.1AI score
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.5 views

CVE-2022-27111

JfinalCMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it...

5.4CVSS6AI score0.00479EPSS
Exploits1References2
NVD
NVD
added 2022/04/11 3:15 p.m.32 views

CVE-2022-27111

JfinalCMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it...

5.4CVSS0.00479EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.3 views

Jfinal CMS跨站脚本漏洞

Jfinal CMS is a powerful information consulting website developed in java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1.0 has a cross-site scripting vulnerability, the vulnerability...

5.4CVSS5.3AI score0.00479EPSS
Exploits1References2
CNVD
CNVD
added 2021/12/14 12:0 a.m.16 views

Pluck code issue vulnerability (CNVD-2021-100243)

Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...

8.1CVSS3AI score0.02529EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.3 views

Pluck 代码问题漏洞

Pluck is a content management system CMS developed using the PHP language. a code issue vulnerability exists in Pluck, which originates from the product's admin backend page that does not validate file content. An attacker could execute malicious commands through this vulnerability...

8.1CVSS5.8AI score0.02529EPSS
Exploits1References1
Prion
Prion
added 2021/07/14 3:15 p.m.11 views

Input validation

The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...

6.8CVSS7.7AI score0.00898EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder