Lucene search
K

320 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:31 a.m.11 views

CVE-2022-4820

A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patc...

6.1CVSS6.2AI score0.00518EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:54 p.m.3 views

CVE-2022-32404

Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manageinmate.php:3...

8.8CVSS8.3AI score0.01171EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:37 p.m.9 views

CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

4.3CVSS6.8AI score0.00649EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.8 views

CVE-2014-10035

Multiple cross-site scripting XSS vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the 1 sEcho parameter to commentspaginate.php or 2 storespaginate.php or the 3 affiliateurl, 4 description, 5 domain, 6...

4.3CVSS5.9AI score0.03496EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:2 a.m.10 views

CVE-2015-9355

The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area...

6.1CVSS6.2AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:2 a.m.10 views

CVE-2015-9353

The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066...

7.2CVSS7.9AI score0.04187EPSS
Exploits5References1
OSV
OSV
added 2025/05/15 8:15 p.m.3 views

CVE-2024-6708

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00315EPSS
Exploits1References1
OSV
OSV
added 2025/03/23 3:15 p.m.5 views

CVE-2025-2651

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The explo...

6.9CVSS4.9AI score0.00631EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/02/07 10:11 a.m.21 views

CVE-2025-25075 WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Venugopal Show notice or message on admin area show-notice-or-message-on-admin-area allows Stored XSS.This issue affects Show notice or message on admin area: from n/a through = 2.0...

7.1CVSS0.0015EPSS
Exploits0References1
CVE
CVE
added 2025/02/07 10:11 a.m.55 views

CVE-2025-25075

CVE-2025-25075 affects the WordPress plugin Show notice or message on admin area (

7.1CVSS7.2AI score0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/07 12:0 a.m.3 views

PT-2025-5914 · Unknown · Venugopal Show Notice/Message On Admin Area

Name of the Vulnerable Software and Affected Versions: Venugopal Show notice or message on admin area versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the Venugopal Show notice or message on admin area. This vulnerability...

7.1CVSS9.1AI score0.0015EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.5 views

WordPress plugin Show notice or message on admin area 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

7.1CVSS8.3AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 1:10 p.m.15 views

CVE-2024-25628

Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for th...

7.6CVSS6.7AI score0.00379EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/03 4:12 p.m.4 views

WordPress Show notice or message on admin area plugin <= 2.0 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Show notice or message on admin area versions = 2.0...

7.1CVSS6.2AI score0.0015EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/31 12:0 a.m.5 views

PT-2024-34413 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0 Description: A SQL Injection issue was discovered in the update function in public html/admin/controller/responses/listing grid/email templates.php. The issue is exploitable via the id parameter. Recommendations: For...

6CVSS7.6AI score0.0036EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2024/09/06 12:0 a.m.244 views

Online Pizza Ordering System 1.0 Insecure Settings

============================================================================================================================================= | Title : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2024/08/12 12:0 a.m.20 views

CVE-2024-42625

FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/layout/add...

0.00212EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/08/06 6:38 a.m.5 views

WordPress Ajax Search Lite plugin < 4.12.1 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ajax Search Lite versions 4.12.1...

4.8CVSS6.1AI score0.00367EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/10 2:15 p.m.15 views

CVE-2024-40331

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/dbBakMySQLdeal.php?mudi=backup...

8.8CVSS0.00301EPSS
Exploits1References1
OSV
OSV
added 2024/05/16 3:15 p.m.5 views

CVE-2024-35039

idccms V1.35 was discovered to contain a Cross-Site Request Forgery CSRF via admin/tplSysdeal.php?mudi=area...

3.8CVSS5.8AI score0.00192EPSS
Exploits1References1
Rows per page
Query Builder