Lucene search
+L

95 matches found

vulnrichment
vulnrichment
added 2026/07/09 10:4 p.m.8 views

CVE-2026-58143 Cotonti Siena 0.9.26 CSRF via admin.php Config Update Endpoint

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.8 views

PT-2026-57002

Name of the Vulnerable Software and Affected Versions Cotonti Siena versions prior to 0.9.27 Description A cross-site request forgery CSRF issue exists where unauthenticated attackers can modify administrator configurations. This occurs because the admin.php config update handler does not invoke...

8.8CVSS6.3AI score0.00175EPSS
Exploits0References4
osv
osv
added 2026/06/18 6:4 a.m.4 views

CVE-2026-55741 Cotonti CSRF in admin.config.php allows unauthorized configuration changes

Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action 'a=update' processes POST data via cotconfigupdateoptions without calling cotcheckxg to validate...

8.7CVSS6.1AI score0.00176EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:49 p.m.12 views

CVE-2026-38931

A stored cross-site scripting XSS vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff Latest as of 2026-02-27 via injecting a crafted payload...

5.4CVSS5.2AI score0.00162EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.15 views

CVE-2026-10777

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS6.8AI score0.00405EPSS
Exploits0References1
nvd
nvd
added 2026/06/03 11:16 p.m.13 views

CVE-2026-10777

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS0.00405EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/03 10:30 p.m.38 views

CVE-2026-10777 ealpha072 Student-Management-System Administrative Backend config.php improper authentication

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS0.00405EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/03 10:30 p.m.10 views

CVE-2026-10777

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS6.7AI score0.00405EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/03 10:30 p.m.11 views

CVE-2026-10777 ealpha072 Student-Management-System Administrative Backend config.php improper authentication

A vulnerability was identified in ealpha072 Student-Management-System up to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08. Affected by this issue is some unknown functionality of the file admin/config.php of the component Administrative Backend. Such manipulation leads to improper authentication. The...

7.5CVSS6.7AI score0.00405EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/03 12:0 a.m.21 views

PT-2026-46071

Name of the Vulnerable Software and Affected Versions ealpha072 Student-Management-System versions prior to 01451bd7a2f58cdda07bd0b86e3967582e3ecd08 Description An issue in the Administrative Backend component, specifically within the 'admin/config.php' file, allows for improper authentication...

7.5CVSS7.1AI score0.00405EPSS
Exploits0References8
nvd
nvd
added 2026/05/27 5:16 p.m.41 views

CVE-2026-38931

A stored cross-site scripting XSS vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff Latest as of 2026-02-27 via injecting a crafted payload...

5.4CVSS0.00162EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.16 views

PT-2026-44039

Name of the Vulnerable Software and Affected Versions creatorsofcode simplephp versions prior to GitHub commit 5184cff Description A stored cross-site scripting XSS issue exists in the '/admin/config-module.php' endpoint. This occurs when a crafted payload is injected, allowing the execution of...

5.4CVSS5.9AI score0.00162EPSS
Exploits0References5
cvelist
cvelist
added 2026/05/27 12:0 a.m.50 views

CVE-2026-38931

A stored cross-site scripting XSS vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff Latest as of 2026-02-27 via injecting a crafted payload...

0.00162EPSS
Exploits0References1
cve
cve
added 2026/05/27 12:0 a.m.22 views

CVE-2026-38931

CVE-2026-38931 : A stored XSS in the /admin/config-module.php component of creatorsofcode simplephp (GitHub commit 5184cff, latest as of 2026-02-27). According to the CVSS 3.1 data, the impact is limited to confidentiality and integrity (both Low), with no availability impact; access vector is Ne...

5.4CVSS5.6AI score0.00162EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/27 12:0 a.m.8 views

CVE-2026-38931

A stored cross-site scripting XSS vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff Latest as of 2026-02-27 via injecting a crafted payload...

5.6AI score0.00162EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/11 3:20 p.m.41 views

CVE-2026-42611 Grav: Stored XSS via Tag Injection

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...

8.9CVSS0.003EPSS
Exploits1References2
github
github
added 2026/05/05 9:36 p.m.26 views

Grav is Vulnerable to Stored XSS via Tag Injection

Summary A low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visits the page; which can further be chained with the...

8.9CVSS5.8AI score0.003EPSS
Exploits1References4Affected Software1
github
github
added 2026/04/24 12:31 a.m.6 views

Duplicate Advisory: OpenClaw: Gateway operator.write Can Reach Admin-Class Telegram Config and Cron Persistence via send

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-767m-xrhc-fxm7. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write...

8.8CVSS5.7AI score0.00232EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/04/01 11:0 p.m.3 views

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

8.1CVSS6AI score0.00233EPSS
Exploits1References1
euvd
euvd
added 2026/03/26 9:30 a.m.7 views

EUVD-2026-16134

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS4.1AI score0.00337EPSS
Exploits0References5
Rows per page
Query Builder