Lucene search

1599 matches found

CVE
added 2018/03/06 5:0 p.m. | 47 views

CVE-2018-7723

CVE-2018-7723 affects Piwigo 2.9.3: a stored XSS in the admin panel via the virtual_name parameter in /admin.php?page=cat_list (distinct from CVE-2017-9836). The description notes CSRF exploitation may be possible, related to CVE-2017-10681. CVSS vectors are provided (3.5/LOW for CVSS2, 5.4/MEDIU...

5.4 CVSS | 5.1 AI score | 0.00556 EPSS
Exploits 1 | References 1 | Affected Software 1

Vulnerability Lab
added 2018/03/02 12:0 a.m. | 55 views

Sandoba CP:Shop CMS v2016.1 - Multiple XSS Vulnerabilities

Document Title: =============== Sandoba CP:Shop CMS v2016.1 - Multiple XSS Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2122 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13001 CVE-ID: ======= CVE-2018-13001 Release Date:...

6.1 CVSS | 0.5 AI score | 0.00813 EPSS
Exploits 3

Prion
added 2018/02/25 7:29 p.m. | 15 views

Cross site scripting

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting XSS via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xssclean protection mechanism is defeated by crafted input that lacks a '' character...

4.3 CVSS | 6 AI score | 0.00864 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2018/02/24 4:29 p.m. | 16 views

Sql injection

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator...

4 CVSS | 5.8 AI score | 0.01257 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2018/02/19 2:29 p.m. | 18 views

Cross site request forgery (csrf)

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

6.8 CVSS | 8.7 AI score | 0.00523 EPSS
Exploits 1 | References 1 | Affected Software 1

OSV
added 2018/02/19 2:29 p.m. | 19 views

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

8.8 CVSS | 7.3 AI score
Exploits 0 | References 1

Cvelist
added 2018/02/19 2:0 p.m. | 28 views

CVE-2018-7219

application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request...

8.8 AI score | 0.00523 EPSS
Exploits 1 | References 1

CNVD
added 2018/01/17 12:0 a.m. | 3 views

WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language; the platform supports PHP and MySQL servers for setting up a personal blog site. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...

4.8 CVSS | 6 AI score | 0.00719 EPSS
Exploits 1 | References 1

CNVD
added 2018/01/17 12:0 a.m. | 3 views

WordPress responsive-coming-soon-page plugin cross-site scripting vulnerability (CNVD-2018-01255)

WordPress is the WordPress Software Foundation's blogging platform, developed using the PHP language; the platform supports PHP and MySQL servers for setting up a personal blog site. The responsive-coming-soon-page plugin is one of its test system maintenance plugins. A cross-site scriptin...

4.8 CVSS | 6 AI score | 0.00635 EPSS
Exploits 1 | References 1

NVD
added 2018/01/14 4:29 a.m. | 17 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

6.1 CVSS | 6.1 AI score | 0.00696 EPSS
Exploits 3 | References 1

NVD
added 2018/01/14 4:29 a.m. | 16 views

CVE-2018-5695

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php...

7.2 CVSS | 7.5 AI score | 0.01231 EPSS
Exploits 3 | References 1

Prion
added 2018/01/14 4:29 a.m. | 16 views

Design/Logic Flaw

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

4.3 CVSS | 5.9 AI score | 0.00696 EPSS
Exploits 3 | References 1 | Affected Software 1

OSV
added 2018/01/14 4:29 a.m. | 19 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

6.1 CVSS | 6 AI score
Exploits 0 | References 1

Cvelist
added 2018/01/14 4:0 a.m. | 17 views

CVE-2018-5692

Piwigo v2.8.2 has XSS via the tab, to, section, mode, installstatus, and display parameters of the admin.php file...

6 AI score | 0.00696 EPSS
Exploits 3 | References 1

CVE
added 2018/01/14 4:0 a.m. | 59 views

CVE-2018-5692

Piwigo v2.8.2 is affected by a cross-site scripting (XSS) vulnerability in admin.php. The issue can be triggered by unsafely handling input in the tab, to, section, mode, installstatus, and display parameters, allowing injection of malicious script. This vulnerability is documented across multipl...

6.1 CVSS | 5.9 AI score | 0.00696 EPSS
Exploits 3 | References 1 | Affected Software 1

CVE
added 2018/01/14 2:0 a.m. | 39 views

CVE-2018-5687

NewsBee (CMS) vulnerability CVE-2018-5687: a stored/reflected XSS is possible via the Company Name field in Settings (admin/admin.php). The description across sources consistently states an XSS vulnerability in NewsBee’s Settings interface. Root cause: improper sanitization/escaping of input in t...

4.8 CVSS | 4.8 AI score | 0.00526 EPSS
Exploits 1 | References 1 | Affected Software 1

Prion
added 2018/01/13 12:29 a.m. | 12 views

Design/Logic Flaw

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php countertitle parameter...

3.5 CVSS | 4.8 AI score | 0.00635 EPSS
Exploits 1 | References 2 | Affected Software 1

Prion
added 2018/01/13 12:29 a.m. | 13 views

Design/Logic Flaw

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php formfield5label parameter...

3.5 CVSS | 4.8 AI score | 0.00635 EPSS
Exploits 1 | References 2 | Affected Software 1

NVD
added 2018/01/13 12:29 a.m. | 19 views

CVE-2018-5666

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bgcolor parameter...

4.8 CVSS | 5 AI score | 0.00635 EPSS
Exploits 1 | References 2

Prion
added 2018/01/13 12:29 a.m. | 14 views

Design/Logic Flaw

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php buttontextlink parameter...

3.5 CVSS | 4.8 AI score | 0.00635 EPSS
Exploits 1 | References 2 | Affected Software 1