Lucene search
K

320 matches found

Cvelist
Cvelist
added 2023/10/09 1:6 p.m.38 views

CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...

6.9CVSS6.7AI score0.00358EPSS
Exploits0References1
OSV
OSV
added 2023/10/09 1:6 p.m.31 views

CVE-2022-35950 OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item

OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line...

6.9CVSS5.3AI score0.00358EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/08/02 3:15 p.m.7 views

CVE-2023-38330

OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack...

5.3CVSS6.1AI score0.00358EPSS
Exploits0References3
Prion
Prion
added 2023/02/08 7:15 p.m.13 views

Sql injection

SQL Injection vulnerability in Future-Depth Institutional Management Website IMS 1.0, allows attackers to execute arbitrary commands via the ad parameter to /adminarea/logintransfer.php...

7.5CVSS9.9AI score0.00953EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/01/08 12:0 a.m.5 views

01ACP 跨站脚本漏洞

01ACP is a central administration area for all modules of 01-Scripts.de by Michael Individual Developer. A cross-site scripting vulnerability exists in 01-Scripts 01ACP, which stems from unknown processing, where manipulating some of the parameters can lead to cross-site scripting...

6.1CVSS4.2AI score0.00519EPSS
Exploits0References5
CNVD
CNVD
added 2022/12/29 12:0 a.m.28 views

FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)

FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

6.1CVSS1.6AI score0.00518EPSS
Exploits0References1
NVD
NVD
added 2022/12/28 9:15 p.m.27 views

CVE-2022-4820

A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...

6.1CVSS0.00518EPSS
Exploits0References4
Prion
Prion
added 2022/12/28 9:15 p.m.15 views

Cross site scripting

A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...

5.8CVSS6AI score0.00518EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/28 8:42 p.m.28 views

CVE-2022-4820 FlatPress Admin Area admin.entry.list.php cross site scripting

A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...

3.5CVSS6.5AI score0.00518EPSS
Exploits0References4
OSV
OSV
added 2022/12/28 8:42 p.m.12 views

CVE-2022-4820 FlatPress Admin Area admin.entry.list.php cross site scripting

A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...

3.5CVSS4.1AI score0.00518EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.28 views

FlatPress 跨站脚本漏洞

FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

6.1CVSS5.9AI score0.00518EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.6 views

PT-2022-28122 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: FlatPress affected versions not specified Description: A problematic vulnerability has been found in FlatPress, affecting an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads ...

6.1CVSS4.2AI score0.00518EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/12/19 12:0 a.m.20 views

FlatPress < 1.3 Multiple Vulnerabilities

FlatPress is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS6.2AI score0.35435EPSS
Exploits2References7
OSV
OSV
added 2022/09/18 12:0 a.m.24 views

GHSA-CW2V-WV4G-W4P6 rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users

rdiffweb prior to 2.4.5 is vulnerable to Cross-Site Request Forgery CSRF. An attacker exploiting this vulnerability can use it to delete repositories and users...

5.3CVSS4.4AI score0.00331EPSS
Exploits1References5
Huntr
Huntr
added 2022/09/16 8:1 a.m.24 views

Cross Site Request Forgery in Admin area leads to deletion of repositories and users

Description Server accepts the GET request for deleting repositories and users which can lead to CSRF attack on repositories'. Proof of Concept Open the below URL after logging in to the admin account in demo site. For deleting Repository : Replace "replace-here" with a repo name...

4.3CVSS1AI score0.00331EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/24 12:0 a.m.24 views

Bluecms has an unspecified vulnerability (CNVD-2022-59211)

BlueCMS is a content management system CMS based on PHP and MySQL. a security vulnerability exists in BlueCMS version 1.6, which stems from an SQL injection in line 132 of admin/area.php. No details of the vulnerability are currently available...

9.8CVSS3AI score0.14423EPSS
Exploits1References1
NVD
NVD
added 2022/08/23 4:15 p.m.22 views

CVE-2022-37113

Bluecms 1.6 has SQL injection in line 132 of admin/area.php...

9.8CVSS0.14423EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/23 4:15 p.m.2 views

CVE-2022-37113

Bluecms 1.6 has SQL injection in line 132 of admin/area.php...

9.8CVSS7.4AI score0.14423EPSS
Exploits1References2
OSV
OSV
added 2022/08/23 4:15 p.m.3 views

CVE-2022-37113

Bluecms 1.6 has SQL injection in line 132 of admin/area.php...

9.8CVSS5.8AI score0.14423EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/08/23 3:17 p.m.19 views

CVE-2022-37113

Bluecms 1.6 has SQL injection in line 132 of admin/area.php...

10AI score0.14423EPSS
Exploits1References1
Rows per page
Query Builder