Lucene search
K

109 matches found

Github Security Blog
Github Security Blog
added 2025/09/23 6:30 p.m.12 views

GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

5.4CVSS5.3AI score0.00201EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2025/09/23 6:30 p.m.61 views

GHSA-46V4-5MC8-Q2CF GP247 and S-Cart have a stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

5.3CVSS5.3AI score0.00201EPSS
Exploits0References4
Snyk
Snyk
added 2025/09/23 4:44 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input, which is rendered when the security log page is viewed...

5.4CVSS5.4AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/23 4:44 p.m.5 views

Cross-site Scripting (XSS)

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header in the Admin Log Viewer. An attacker can execute arbitrary web scripts in an administrator's browser by injecting crafted input,...

5.4CVSS5.5AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2025/09/23 4:15 p.m.45 views

CVE-2025-57407

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

5.4CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/23 12:0 a.m.1 views

CVE-2025-57407

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

4.9AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.11 views

PT-2025-39177

Name of the Vulnerable Software and Affected Versions S-Cart versions prior to 10.0.4 Description A stored cross-site scripting XSS issue exists in the Admin Log Viewer component. A remote, authenticated attacker can inject arbitrary web script or HTML through a manipulated User-Agent header. Whe...

5.4CVSS5.2AI score0.00201EPSS
Exploits0References8
CVE
CVE
added 2025/09/23 12:0 a.m.21 views

CVE-2025-57407

This CVE affects s-cart components (notably s-cart/core and gp247/core) and the Admin Log Viewer, where a stored XSS flaw allows a remote authenticated attacker to inject arbitrary script via a crafted User-Agent header. The vulnerability arises from improper handling/sanitization of User-Agent d...

5.4CVSS4.9AI score0.00201EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/23 12:0 a.m.47 views

CVE-2025-57407

A stored cross-site scripting XSS vulnerability in the Admin Log Viewer of S-Cart =10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which...

0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/17 1:17 p.m.9 views

CVE-2025-59476

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not restrict or transform the characters that can be inserted from user-specified content in log messages, allowing attackers able to control log message contents to insert line break characters, followed by forged log messages that may...

0.00335EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-14320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. CVE-2020-14320 Note that...

6.1CVSS6.4AI score0.00581EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.3 views

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login a...

4.7CVSS5AI score0.00366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:38 a.m.3 views

CVE-2023-23721

Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin = 1.50 versions...

8.8CVSS7AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:36 a.m.9 views

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $SERVER'PHPSELF' to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...

6.1CVSS5.8AI score0.00836EPSS
Exploits0References1
OSV
OSV
added 2025/04/13 6:15 a.m.4 views

CVE-2025-3531

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The explo...

6.1CVSS3.8AI score0.00403EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/03/20 11:11 a.m.18 views

CVE-2024-13922 Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the adminlogpage function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with...

2.7CVSS0.00371EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/01/24 12:0 a.m.6 views

bootplus 安全漏洞

bootplus is a permission management framework by JoeyBling Personal Developer. A security vulnerability exists in bootplus, which stems from the parameter logId in the file /admin/sys/log/list that can lead to SQL injection...

8.8CVSS6.8AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/13 12:0 a.m.6 views

PT-2024-17383 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper input handling in the 'Host Header', allowing an unauthenticated attacker to store a payload in web application logs. When a...

9.6CVSS6.2AI score0.00554EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.6 views

Decidim 跨站脚本漏洞

Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.6 and earlier and 0.28.1 and earlier, which stems from a cross-site scripting attack in the administrator panel if an...

6.8CVSS5.8AI score0.00353EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/08/26 9:15 a.m.14 views

CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

8.2CVSS5.9AI score0.00376EPSS
Exploits0References2
Rows per page
Query Builder