49 matches found

ATTACKERKB
added 2022/03/20 7:15 p.m. | 4 views

CVE-2022-26246

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate...

CVSS 6.1 | AI score 5.8 | EPSS 0.00611
Exploits: 1 | References: 2

OSV
added 2021/10/04 9:15 p.m. | 2 views

CVE-2020-21495

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...

CVSS 6.1 | AI score 6.5 | EPSS 0.00672
Exploits: 1 | References: 2

OSV
added 2021/10/04 9:15 p.m. | 2 views

CVE-2020-21496

A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter...

CVSS 6.1 | AI score 5.9 | EPSS 0.00672
Exploits: 1 | References: 2

NVD
added 2021/08/17 6:15 p.m. | 13 views

CVE-2021-29056

Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php...

CVSS 4.8 | EPSS 0.0051
Exploits: 1 | References: 1

CNVD
added 2021/01/25 12:0 a.m. | 4 views

Pixelimity Cross-Site Request Forgery Vulnerability

Pixelimity is a PHP-based open source CMS (Content Management System). A cross-site request forgery vulnerability exists in Pixelimity version 1.0, which originates from the admin setting.php data Password parameter. No details of the vulnerability are available at this time...

CVSS 6.8 | AI score 6.7 | EPSS 0.02009
Exploits: 2 | References: 1

Prion
added 2021/01/19 1:15 p.m. | 14 views

Cross site request forgery (csrf)

Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data Password parameter...

CVSS 6 | AI score 6.7 | EPSS 0.02009
Exploits: 2 | References: 2 | Affected Software: 1

NVD
added 2020/02/19 3:15 p.m. | 11 views

CVE-2012-1932

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the settingadminemail parameter to admin/setting...

CVSS 4.8 | AI score 5 | EPSS 0.00703
Exploits: 1 | References: 1

Cvelist
added 2020/02/19 2:27 p.m. | 17 views

CVE-2012-1932

A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the settingadminemail parameter to admin/setting...

AI score 4.9 | EPSS 0.00703
Exploits: 1 | References: 1

OSV
added 2019/02/18 6:29 p.m. | 1 views

CVE-2019-8910

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=sitepost CSRF...

CVSS 8.8 | AI score 7.3 | EPSS 0.00614
Exploits: 1 | References: 1

CNVD
added 2018/11/13 12:0 a.m. | 2 views

JPress Cross-Site Scripting Vulnerability

JPress is a blogging platform developed using the Java language. A cross-site scripting vulnerability exists in JPress version 1.0-rc.5, which can be exploited to inject arbitrary web script or HTML by sending the site name, site title, or site subtitle fields to the...

CVSS 4.8 | AI score 4.7 | EPSS 0.0064
Exploits: 1 | References: 1

OSV
added 2018/10/17 4:29 a.m. | 5 views

CVE-2018-18430

An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...

CVSS 4.8 | AI score 5.8 | EPSS 0.00578
Exploits: 1 | References: 2

NVD
added 2018/10/17 4:29 a.m. | 18 views

CVE-2018-18430

An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...

CVSS 4.8 | AI score 4.9 | EPSS 0.00578
Exploits: 1 | References: 2

Prion
added 2018/10/17 4:29 a.m. | 16 views

Design/Logic Flaw

An issue was discovered in DESTOON B2B 7.0. admin\setting.inc.php has XSS via the first text box to the admin.php URI...

CVSS 3.5 | AI score 4.8 | EPSS 0.00578
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2018/10/10 4:29 p.m. | 10 views

Cross site scripting

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=siteattachment attachmenturl parameter...

CVSS 4.3 | AI score 6 | EPSS 0.00865
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/10/10 4:29 p.m. | 11 views

CVE-2018-18210

XSS exists in DiliCMS 2.4.0 via the admin/index.php/setting/site?tab=siteattachment attachmenturl parameter...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 1

CNVD
added 2018/05/11 12:0 a.m. | 1 views

POSCMS 'index' function arbitrary code execution vulnerability

POSCMS (PhpOpenSourceCMS) is a PHP and MySQL based, open source, cross-platform web content management system (CMS). A security vulnerability exists in POSCMS version 3.2.10. An attacker can exploit the vulnerability by writing code to the api/ucsso/config.php file with the help of the 'index' functi...

CVSS 7.2 | AI score 7 | EPSS 0.01521
Exploits: 1 | References: 1

Prion
added 2018/04/19 6:29 p.m. | 17 views

Code injection

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

CVSS 6.5 | AI score 7.4 | EPSS 0.01521
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/04/19 6:0 p.m. | 18 views

CVE-2018-10235

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diy\module\member\controllers\admin\Setting.php 'index' function because an attacker can control the value of $cache'setting''ucssocfg' in diy\module\member\models\Membermodel.php and write this code into the...

AI score 7.4 | EPSS 0.01521
Exploits: 1 | References: 1

CNVD
added 2017/12/28 12:0 a.m. | 4 views

PHP Scripts Mall Professional Service Script Cross-Site Request Forgery Vulnerability

Professional Service Script is a script from PHP Scripts Mall with search, task creation and task management features. A cross-site request forgery vulnerability exists in PHP Scripts Mall Professional Service Script. A remote attacker can exploit this vulnerability to conduct cross-site request...

CVSS 8.8 | AI score 7.2 | EPSS 0.00505
Exploits: 1 | References: 1

CNVD
added 2017/09/15 12:0 a.m. | 3 views

WordPress plugin image-gallery-with-slideshow 'imgid' parameter SQL injection vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin image-gallery-with-slideshow. A remote attacker can exploit the...

CVSS 9.8 | AI score 8.5 | EPSS 0.02907
Exploits: 1 | References: 1