6 matches found
CVE-2019-11592
CVE-2019-11592 affects WeBid 1.2.2 and is a reflected XSS vulnerability. The issue is triggered via user-supplied input in the id parameter of admin/deletenews.php, admin/editbannersuser.php, admin/editfaqscategory.php, or admin/excludeuser.php, and via the offset parameter in admin/edituser.php....
SQL injection
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to...
AlstraSoft SMS Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25022/info SMS Text Messaging Enterprise is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
CVE-2012-1992
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka the Email Address field in the Edit User template...
CVE-2009-1767
admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter...
CVE-2009-1767
CVE-2009-1767 involves admin/edituser.php in the 2daybiz Template Monster Clone, where no administrative authentication is required. This permits remote attackers to modify arbitrary accounts via the parameters loginname, password, email, firstname, and lastname. The NVD lists a CVSSv2 base score...