Lucene search
K

136 matches found

CNVD
CNVD
added 2022/04/01 12:0 a.m.23 views

HTMLy cross-site scripting vulnerability (CNVD-2022-82256)

HTMLy is an open source database-free PHP blogging platform. A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which originates from the "description" field in the admin/config and index.php pages. The vulnerability can be exploited to execute malicious code, manipulate pages to...

4.8CVSS5AI score0.00595EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.5 views

HTMLy 跨站脚本漏洞

HTMLy is an open source database-free PHP blogging platform. A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which originates from the "description" field in the admin/config and index.php pages. The vulnerability can be exploited to execute malicious code, manipulate pages to...

4.8CVSS5.4AI score0.00595EPSS
Exploits1References3
CVE
CVE
added 2022/03/30 10:18 p.m.95 views

CVE-2021-46009

Totolink A3100R (V5.9c.4577) is affected by an access‑control vulnerability: multiple pages can be read without authentication and admin configurations can be set without cookies. The issue is described across multiple trusted sources (NVD entry CVE-2021-46009 and CNVD/CNNVD records) as a credent...

10CVSS9.3AI score0.12246EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/30 10:18 p.m.27 views

CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies...

9.6AI score0.12246EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/10/05 9:32 p.m.22 views

CVE-2020-21506

waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?m=Config&a=add...

6AI score0.00641EPSS
Exploits1References1
OSV
OSV
added 2021/09/15 2:15 p.m.5 views

CVE-2020-19158

Cross Site Scripting XSS in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin//app/config/'...

5.4CVSS6.1AI score0.00713EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/15 12:0 a.m.6 views

S-CMS 跨站脚本漏洞

S-CMS is a PHP and MySQL based Content Management System CMS from S-CMS, China. S-CMS suffers from a cross-site scripting vulnerability that stems from cross-site scripting XSS in S-CMS build 20191014 and earlier versions that allows remote attackers to execute arbitrary code via the Site Title...

5.4CVSS6AI score0.00713EPSS
Exploits0References1
CVE
CVE
added 2021/02/27 4:27 a.m.95 views

CVE-2019-25020

CVE-2019-25020 affects Scytl sVote 2.1. The root cause is an unauthenticated sdm-ws-rest API that allows retrieving administrative configuration by sending a POST to /sdm-ws-rest/preconfiguration. The impact is exposure of admin configuration (confidentiality impact noted as HIGH in CVSS 3.1). Ex...

7.5CVSS7.4AI score0.01289EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/02/10 9:15 a.m.6 views

CVE-2021-23878

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security ENS for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To...

5CVSS5.8AI score0.00616EPSS
Exploits0References1
Prion
Prion
added 2021/02/02 6:15 p.m.16 views

Path traversal

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, ...

6.4CVSS9AI score0.02116EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/02 6:15 p.m.3 views

CVE-2020-15097

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. All messages are stored in an elasticsearch index. In loklak less than or equal to commit 5f48476, ...

9.1CVSS5.4AI score0.02116EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2021/01/20 12:0 a.m.13 views

Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)

The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...

0.3AI score
Exploits0References2Affected Software1
Prion
Prion
added 2020/12/28 8:15 a.m.19 views

Design/Logic Flaw

An issue was discovered in Zammad before 3.5.1. The default signup Role for newly created Users can be a privileged Role, if configured by an admin. This behvaior was unintended...

4CVSS5AI score0.00918EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2020/12/11 4:15 a.m.9 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

4.8CVSS5AI score0.00694EPSS
Exploits0References1
NVD
NVD
added 2020/12/11 4:15 a.m.20 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

4.8CVSS5AI score0.00694EPSS
Exploits0References1
Prion
Prion
added 2020/12/11 4:15 a.m.21 views

Cross site scripting

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

3.5CVSS4.8AI score0.00694EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/12/11 3:57 a.m.69 views

CVE-2020-35126

Typesetter CMS 5.x–5.1 is affected by a Site Title persistent XSS via the Admin/Configuration URI. The vulnerability stems from the Admin/Configuration URI handling of the Site Title, enabling an attacker with admin access to persistently inject XSS content. No explicit fixed version is listed in...

4.8CVSS4.9AI score0.00694EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2020/12/11 12:0 a.m.8 views

PT-2020-17261 · Typesetter · Typesetter Cms

Name of the Vulnerable Software and Affected Versions: Typesetter CMS versions 5.x through 5.1 Description: The issue allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. The significance of this report is disputed because admins are considered trustworthy...

4.8CVSS5.8AI score0.00694EPSS
Exploits0References14
CNNVD
CNNVD
added 2020/12/10 12:0 a.m.7 views

Typesetter CMS Cross-Site Scripting Vulnerability

Typesetter is a content management system CMS. A cross-site scripting vulnerability exists in Typesetter CMS versions 5.x through 5.1 that allows administrators to conduct persistent XSS attacks on site headers via the administrative configuration URI. Note:The significance of this report is...

4.8CVSS5.6AI score0.00694EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/09/16 12:0 a.m.11 views

PT-2020-15483 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 3.2.0 and earlier Description: The issue arises from an incorrect permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view the endpoint, which includes a...

4.3CVSS4.4AI score0.00691EPSS
Exploits0References7
Rows per page
Query Builder