Lucene search
K

6 matches found

Veracode
Veracode
added 2026/05/23 6:21 a.m.19 views

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of malformed URLs in Utils::parseUrl, which allows an attacker to inject malicious JavaScript through comments and steal admin session cookies when affected pages are viewed...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2026/01/29 2:28 p.m.35 views

CVE-2020-37018 GOautodial 4.0 - Persistent Cross-Site Scripting

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing...

6.4CVSS0.0024EPSS
Exploits0References3
OSV
OSV
added 2023/02/15 4:15 a.m.4 views

CVE-2022-45436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting XSS. As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must clic...

4.8CVSS5.8AI score0.00614EPSS
Exploits0References2
CNVD
CNVD
added 2021/01/03 12:0 a.m.3 views

Egavilanmedia User Registration & Login System Cross-Site Scripting Vulnerability (CNVD-2021-01547)

Egavilanmedia User Registration & Login System is a management platform for user registration and login from Egavilanmedia, USA. A cross-site scripting vulnerability exists in EGavilanMedia User Registration and Login System With Admin Panel version 1.0, which can be exploited by an attacker to...

6.1CVSS5.8AI score0.0079EPSS
Exploits2References1
OSV
OSV
added 2020/10/16 2:15 p.m.3 views

CVE-2020-16270

OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...

6.1CVSS6.4AI score0.13112EPSS
Exploits1References3
CNVD
CNVD
added 2019/12/11 12:0 a.m.2 views

5iSNS Content Payment System 1.0.9 suffers from XSS vulnerability

The 5iSNS content payment system integrates functional modules such as post articles and documents with social features. An XSS vulnerability exists in 5iSNS Paid-for-Content System 1.0.9, which can be exploited by an attacker to obtain administrator cookie information and log into the backend of...

6.2AI score
Exploits0
Rows per page
Query Builder