Lucene search
+L

31 matches found

euvd
euvd
added 2026/06/30 6:32 p.m.6 views

EUVD-2026-40376

The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' and 'url' author metadata. This is due to insufficient input sanitization and output escaping on user-supplied MF2 author properties processed by the...

7.2CVSS5.9AI score0.00236EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/12 12:28 p.m.6 views

CVE-2019-25699

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

7.1CVSS5.9AI score0.00317EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2026/04/12 12:0 a.m.10 views

PT-2026-32164

Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...

7.1CVSS5.9AI score0.00317EPSS
Exploits1References5
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-0864

Malware in sbrugna...

5CVSS6.4AI score0.01491EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-13645

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00406EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-28128

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00214EPSS
Exploits1References1
nessus
nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-24585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stored cross-site scripting XSS vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or...

5.4CVSS5.7AI score0.00753EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/08/05 12:0 a.m.5 views

pybbs 代码注入漏洞

pybbs is a community platform for Java development by iuiu individual developers. A code injection vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from improper handling of the parameter Username in the file /admin/comment/list, which could lead to a cross-site scripting...

5.4CVSS4.8AI score0.00251EPSS
Exploits1References7
osv
osv
added 2025/06/26 4:0 p.m.6 views

CVE-2025-6702 linlinjava litemall post improper authorization

A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has...

5.3CVSS5.1AI score0.0032EPSS
Exploits1References7
redhatcve
redhatcve
added 2025/05/22 4:29 p.m.8 views

CVE-2020-21013

emlog v6.0.0 contains a SQL injection via /admin/comment.php...

7.2CVSS7.9AI score0.00957EPSS
Exploits1
cvelist
cvelist
added 2025/05/15 7:33 p.m.18 views

CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting

Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...

4.8CVSS0.00214EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/05/15 7:33 p.m.6 views

CVE-2025-47786 Emlog vulnerable to Stored Cross-site Scripting

Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website users to click. In /admin/comment.php, the parameter perpagenum is not validated and is directly...

4.8CVSS5.7AI score0.00214EPSS
Exploits1References1
cve
cve
added 2025/05/15 7:33 p.m.44 views

CVE-2025-47786

CVE-2025-47786 affects Emlog 2.5.13. The vulnerability is a stored cross-site scripting issue in /admin/comment.php where the unvalidated parameter perpage_num is stored in the database (admin_commend_perpage_num) and the output is not filtered, allowing a registered user to inject JavaScript tha...

4.8CVSS5.7AI score0.00214EPSS
Exploits1References1Affected Software1
cnnvd
cnnvd
added 2025/05/15 12:0 a.m.4 views

emlog 跨站脚本漏洞

emlog is emlog open source a PHP and MySQL based CMS site building system. A cross-site scripting vulnerability exists in emlog version 2.5.13, which originates from the unvalidated perpagenum parameter in /admin/comment.php, and could lead to a stored cross-site scripting attack...

4.8CVSS5.8AI score0.00214EPSS
Exploits1References1
nvd
nvd
added 2025/05/06 9:16 p.m.19 views

CVE-2025-44073

SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admincommentnews.php...

9.8CVSS0.00406EPSS
Exploits1References1
cve
cve
added 2025/05/06 12:0 a.m.67 views

CVE-2025-44073

SeaCMS v13.3 is affected by a SQL injection in the admin_comment_news.php component. The vulnerability allows unauthenticated, network-based exploitation with high impact on confidentiality, integrity, and availability (CVSS 3.1: 9.8, CRITICAL). Root cause details are not elaborated beyond the SQ...

9.8CVSS7.9AI score0.00406EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2025/05/06 12:0 a.m.7 views

PT-2025-19959 · Seacms · Seacms

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A SQL injection issue was discovered in the admin comment news.php component. Recommendations: For SeaCMS version 13.3, update to a version that fixes the SQL injection vulnerability in the admin comment...

9.8CVSS7.3AI score0.00406EPSS
Exploits1References6
attackerkb
attackerkb
added 2022/09/09 2:15 p.m.3 views

CVE-2022-38274

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

7.2CVSS5.9AI score0.00907EPSS
Exploits1References2
nvd
nvd
added 2022/09/09 2:15 p.m.12 views

CVE-2022-38274

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

7.2CVSS0.00907EPSS
Exploits1References1
prion
prion
added 2022/09/09 2:15 p.m.16 views

Sql injection

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/list...

5.8CVSS7.4AI score0.00907EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder