Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 9:18 p.m.8 views

CVE-2026-34246 CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:18 p.m.7 views

CVE-2026-34246

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/19 9:18 p.m.35 views

CVE-2026-34246 CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role-name and...

4.8CVSS0.00216EPSS
Exploits0References2
Veracode
Veracode
added 2023/03/20 5:20 a.m.6 views

SQL Injection

ezsystems/ezpublish-kernel is vulnerable to Privilege Escalation. The vulnerability exists due to improper privilege management in the admin role, which allows attackers to bypass the admin policy and assign any role to any user...

9.8CVSS7.1AI score0.00877EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder