Lucene search
K

93 matches found

CNNVD
CNNVD
added 2023/04/14 12:0 a.m.4 views

Campcodes Advanced Online Voting System 跨站脚本漏洞

Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...

6.1CVSS6.2AI score0.00604EPSS
Exploits1References4
Code423n4
Code423n4
added 2022/07/11 12:0 a.m.9 views

Upgraded Q -> M from 270 [1657580410834]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

7.1AI score
Exploits0
OSV
OSV
added 2022/03/31 6:15 p.m.20 views

CVE-2021-42946

A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...

4.8CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2022/03/31 6:15 p.m.18 views

Cross site scripting

A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...

3.5CVSS4.9AI score0.0055EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/31 5:53 p.m.23 views

CVE-2021-42946

A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...

5.2AI score0.0055EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/31 12:0 a.m.4 views

HTMLy 跨站脚本漏洞

HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in HTMLy 2.8.1 that could lead to cross-site scripting via the copyright field in the /admin/config page...

4.8CVSS4.8AI score0.0055EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/02 7:15 p.m.6 views

CVE-2022-23878

seacms V11.5 is affected by an arbitrary code execution vulnerability in adminconfig.php...

9.8CVSS7.8AI score0.0206EPSS
Exploits1References2
OSV
OSV
added 2021/10/05 10:15 p.m.3 views

CVE-2020-21506

waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?m=Config&a=add...

6.1CVSS5.7AI score0.00641EPSS
Exploits1References1
Prion
Prion
added 2021/08/03 7:15 p.m.15 views

Cross site scripting

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...

4.3CVSS5.9AI score0.00931EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.6 views

HTMLy 跨站脚本漏洞

HTMLy is a PHP-based open source blogging platform. A cross-site scripting vulnerability exists in htmly version 2.8.1, which can be exploited by remote attackers to send an authenticated post request to admin/config and inject arbitrary web script or HTML...

6.1CVSS5.8AI score0.00931EPSS
Exploits1References1
OSV
OSV
added 2021/04/30 4:15 p.m.3 views

CVE-2020-4039

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...

9.1CVSS7.3AI score0.01371EPSS
Exploits0References1
NVD
NVD
added 2021/04/30 4:15 p.m.17 views

CVE-2020-4039

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...

9.1CVSS0.01371EPSS
Exploits0References1
Prion
Prion
added 2021/04/30 4:15 p.m.11 views

Directory traversal

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...

6.4CVSS9.1AI score0.01371EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/30 3:25 p.m.18 views

CVE-2020-4039 Directory Traversal Vulnerability in SUSI.AI Server

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file readable by the app can be retrieved by the attacker. Furthermore, some files can also be moved o...

8.6CVSS9.3AI score0.01371EPSS
Exploits0References1
CVE
CVE
added 2021/04/30 3:25 p.m.41 views

CVE-2020-4039

CVE-2020-4039 affects SUSI.AI Server prior to version d27ed0f, with a directory traversal flaw caused by insufficient input validation. An attacker can read any admin config and files readable by the app, and may also move or delete certain files. The issue originates from how untrusted input is ...

9.1CVSS9.1AI score0.01371EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/28 9:1 p.m.40 views

Security Bulletin: IBM Planning Analytics has addressed multiple Security Vulnerabilities

Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Planning Analytics 2.0.9.1. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Planning Analytics. These issues were disclosed as part of the IBM Java SDK...

7.2CVSS1.3AI score0.0404EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/10/24 5:15 p.m.4 views

DEBIAN-CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6.3AI score0.01536EPSS
Exploits6References1
NVD
NVD
added 2019/10/24 5:15 p.m.78 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6AI score0.01536EPSS
Exploits6References6
UbuntuCve
UbuntuCve
added 2019/10/24 5:15 p.m.32 views

CVE-2019-12094

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

6.1CVSS6.8AI score0.01536EPSS
Exploits6References6
Prion
Prion
added 2019/10/24 5:15 p.m.22 views

Hardcoded credentials

Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=updatef&username= or admin/user.php?form=removef&username= or admin/config/diff.php?app= URI...

4.3CVSS6.2AI score0.01536EPSS
Exploits6References6Affected Software1
Rows per page
Query Builder