
246 matches found

NVD
added 2025/12/17 11:15 p.m., 8 views

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1 CVSS, 0.02256 EPSS
Exploits: 1, References: 3

OSV
added 2025/12/17 11:15 p.m., 3 views

CVE-2023-53931

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1 CVSS, 6 AI score
Exploits: 0, References: 3

OSV
added 2025/12/17 11:15 p.m., 5 views

CVE-2023-53918

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...

6.1 CVSS, 6.2 AI score
Exploits: 0, References: 3

Vulnrichment
added 2025/12/17 10:44 p.m., 2 views

CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1 CVSS, 5.7 AI score, 0.02256 EPSS
Exploits: 1, References: 3

Cvelist
added 2025/12/17 10:44 p.m., 24 views

CVE-2023-53918 PodcastGenerator Stored Cross-Site Scripting via Episode Title Field

PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...

6.1 CVSS, 0.0028 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2025/12/17 12:0 a.m., 6 views

PT-2025-51965

Name of the Vulnerable Software and Affected Versions PHPJabbers Simple CMS version 5.0 Description The software contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScri...

5.4 CVSS, 6.7 AI score, 0.00233 EPSS
Exploits: 1, References: 7

Positive Technologies
added 2025/12/17 12:0 a.m., 18 views

PT-2025-51969

Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...

6.1 CVSS, 5.8 AI score, 0.02256 EPSS
Exploits: 1, References: 7

EUVD
added 2025/12/14 3:30 p.m., 4 views

EUVD-2025-203301

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available a...

7.5 CVSS, 6.6 AI score, 0.00333 EPSS
Exploits: 1, References: 6

NVD
added 2025/12/14 3:15 p.m., 4 views

CVE-2025-14664

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available a...

9.8 CVSS, 0.00333 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/12/14 12:0 a.m., 5 views

CampCodes Supplier Management System SQL Injection Vulnerability

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter chkId in the file /admin/viewunit.php, which could lead t...

9.8 CVSS, 7.8 AI score, 0.00333 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2025/12/14 12:0 a.m., 8 views

PT-2025-51166

A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available...

7.5 CVSS, 7.2 AI score, 0.00333 EPSS
Exploits: 1, References: 6

CVE
added 2025/12/11 9:38 p.m., 8 views

CVE-2024-58297

CVE-2024-58297 affects PyroCMS v3.0.1 with a stored XSS in the admin redirects configuration. An attacker can inject a payload into the Redirect From field, causing arbitrary JavaScript to execute when administrators view the redirects page. Public sources consistently describe this as a stored X...

5.4 CVSS, 6 AI score, 0.0021 EPSS
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2025/12/11 9:38 p.m., 3 views

CVE-2024-58296 CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php

CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...

5.3 CVSS, 5.5 AI score, 0.0031 EPSS
Exploits: 0, References: 5

NVD
added 2025/12/03 3:15 p.m., 3 views

CVE-2025-65267

In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting (XSS). Successful...

9 CVSS, 0.00296 EPSS
Exploits: 0, References: 3

NVD
added 2025/11/14 6:15 p.m., 6 views

CVE-2025-13172

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the...

8.8 CVSS, 0.00255 EPSS
Exploits: 0, References: 5

CVE
added 2025/11/14 6:2 p.m., 10 views

CVE-2025-13172

CVE-2025-13172 affects CodeAstro Gym Management System 1.0. A SQL injection vulnerability exists in an unknown function of /admin/view-member-report.php triggered by manipulating the ID parameter. Exploitation is possible remotely, and public exploits have been released. NVD reports a high-severi...

8.8 CVSS, 6.4 AI score, 0.00255 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/11/03 2:15 a.m., 4 views

CVE-2025-12610

A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and...

7.2 CVSS, 5.8 AI score, 0.00361 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/11/03 12:0 a.m., 4 views

CodeAstro Gym Management System SQL Injection Vulnerability

CodeAstro Gym Management System is a gym management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Gym Management System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/view-progress-report.php, which could lead to a SQL...

7.2 CVSS, 5.6 AI score, 0.00361 EPSS
Exploits: 1, References: 6

Veracode
added 2025/10/13 3:22 a.m., 10 views

Cross-site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the application not verifying the content type of uploaded attachments or user avatars and serving the data back as is, which allows an authenticated attacker to inject malicious scripts that execute...

5.4 CVSS, 5.9 AI score, 0.00236 EPSS
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2025/10/09 8:15 p.m., 4 views

CVE-2025-60316

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/viewcustomer.php via the ID parameter...

9.4 CVSS, 0.00347 EPSS
Exploits: 1, References: 2