Lucene search
K

60 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:29 p.m.7 views

CVE-2020-21127

MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs=index=dodel...

9.8CVSS8AI score0.01627EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.10 views

CVE-2019-17205

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed...

6.1CVSS5.8AI score0.01029EPSS
Exploits1References1
OSV
OSV
added 2025/03/16 1:15 p.m.5 views

CVE-2025-2339

A vulnerability was found in otale Tale Blog 2.0.5. It has been classified as problematic. This affects an unknown part of the file /%61dmin/api/logs. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public an...

7.5CVSS4.8AI score0.00839EPSS
Exploits1References4
Snyk
Snyk
added 2024/09/16 7:44 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS when an admin assigns a valuator to a proposal, or does an action that generates an admin activity log. Workaround Users who are not able to upgrade to the fixed version can redirect the pages /admin and...

6.8CVSS5.3AI score0.00353EPSS
Exploits0References2
CNVD
CNVD
added 2024/02/02 12:0 a.m.11 views

facileManager SQL Injection Vulnerability

facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...

6.5CVSS7.4AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2024/01/31 11:15 p.m.47 views

CVE-2024-24572

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $SESSION via the GET/POST parameters...

6.5CVSS6.8AI score0.00641EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.5 views

facileManager SQL注入漏洞

facileManager is a suite of modular Web applications from facileManager, Inc. facileManager suffers from an SQL injection vulnerability that originates from an unsafe call to the extract function in admin-logs.php. An attacker can use this vulnerability to view, add, modify, or delete information...

6.5CVSS7.7AI score0.00641EPSS
Exploits1References3
NVD
NVD
added 2023/07/06 2:15 p.m.21 views

CVE-2023-36995

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/07/06 2:15 p.m.8 views

CVE-2023-36995

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

6.1CVSS6.4AI score0.00473EPSS
Exploits1References2
Prion
Prion
added 2023/07/06 2:15 p.m.14 views

Design/Logic Flaw

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

5.8CVSS6AI score0.00473EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/07/06 12:0 a.m.14 views

CVE-2023-36995

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

6.1CVSS6AI score0.00473EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/07/06 12:0 a.m.12 views

CVE-2023-36995

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

6.1AI score0.00473EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 12:0 a.m.17 views

CVE-2023-36995

TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie...

6.1AI score0.00473EPSS
Exploits1References1
CVE
CVE
added 2023/07/06 12:0 a.m.41 views

CVE-2023-36995

CVE-2023-36995 affects TravianZ versions 8.3.4 and earlier. The vulnerability is a cross-site scripting (XSS) issue via multiple endpoints: Alliance tag/name, statistics page, link preferences, Admin Logs, and the COOKUSR cookie. Connected documents do not specify a remediation version or patch; ...

6.1CVSS5.9AI score0.00473EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2023/04/15 4:34 p.m.21 views

Lark Technologies: Improper Access Control allows OTP bypass

A vulnerability was discovered that allowed the one-time password requirement to be bypassed when directly accessing the admin log download endpoint. This could have enabled users within the organization to access admin logs without verifying their identity. The issue was resolved after being...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.6 views

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

6.1CVSS6.3AI score0.01496EPSS
Exploits2References2
OSV
OSV
added 2022/01/24 8:15 a.m.4 views

CVE-2021-25078

The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests...

6.1CVSS6.4AI score0.02288EPSS
Exploits2References2
OSV
OSV
added 2021/12/13 11:15 a.m.3 views

CVE-2021-24756

The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP address retrieved from login requests before outputting them in the admin dashboard, which could allow unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs...

6.1CVSS5.8AI score0.01322EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.5 views

WordPress 插件跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin. The WordPress plugin 404 to 301 â€" Redirect, Log and Noti...

6.5CVSS6.3AI score0.00531EPSS
Exploits2References2
OSV
OSV
added 2021/09/15 5:15 p.m.4 views

CVE-2020-21127

MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel...

9.8CVSS5.8AI score0.01627EPSS
Exploits1References1
Rows per page
Query Builder