Lucene search

1339 matches found

CVE
added 2024/03/26 3:28 p.m. · 64 views

CVE-2024-29810

CVE-2024-29810 details (mode C): Affected software is the 10Web Photo Gallery WordPress plugin. The vulnerability is a reflected Cross-Site Scripting via the thumb_url parameter in the AJAX response for editimage_bwg in admin-ajax.php. The flaw allows arbitrary JavaScript to be inserted and exec...

CVSS 5.4 · AI score 5.8 · EPSS 0.00412
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/03/26 3:28 p.m. · 16 views

CVE-2024-29810 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg thumb_url

The thumb_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the thumb_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4 · AI score 6.6 · EPSS 0.00412
Exploits: 1 · References: 2

Vulnrichment
added 2024/03/26 3:27 p.m. · 13 views

CVE-2024-29809 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_url

The image_url parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4 · AI score 6.6 · EPSS 0.00412
Exploits: 1 · References: 2

Cvelist
added 2024/03/26 3:26 p.m. · 23 views

CVE-2024-29808 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4 · AI score 5.7 · EPSS 0.00412
Exploits: 1 · References: 2

Vulnrichment
added 2024/03/26 3:26 p.m. · 18 views

CVE-2024-29808 WordPress Photo Gallery Plugin <= 1.8.21 Reflected Cross Site Scripting in editimage_bwg image_id

The image_id parameter of the AJAX call to the editimage_bwg action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the image_id parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. The...

CVSS 5.4 · AI score 6.6 · EPSS 0.00412
Exploits: 1 · References: 2

CVE
added 2024/03/26 3:26 p.m. · 71 views

CVE-2024-29808

CVE-2024-29808 affects the Photo Gallery WordPress plugin family (e.g., 10Web Photo Gallery). It describes a reflected XSS in the image_id parameter of the admin-ajax.php editimage_bwg AJAX action, where the image_id value is echoed within existing JavaScript in the response, enabling arbitrary s...

CVSS 5.4 · AI score 5.8 · EPSS 0.00412
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/03/26 3:24 p.m. · 8 views

CVE-2024-29832 WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...

CVSS 6.1 · AI score 7 · EPSS 0.00446
Exploits: 1 · References: 2

Cvelist
added 2024/03/26 3:24 p.m. · 23 views

CVE-2024-29832 WordPress Photo Gallery Plugin <= 1.8.21 Unauthenticated Reflected Cross Site Scripting in GalleryBox current_url

The current_url parameter of the AJAX call to the GalleryBox action of admin-ajax.php is vulnerable to reflected Cross Site Scripting. The value of the current_url parameter is embedded within an existing JavaScript within the response allowing arbitrary JavaScript to be inserted and executed. No...

CVSS 6.1 · AI score 6.6 · EPSS 0.00446
Exploits: 1 · References: 2

CVE
added 2024/03/26 3:24 p.m. · 69 views

CVE-2024-29832

CVE-2024-29832 affects the Photo Gallery WordPress plugin. The vulnerability is a reflected XSS in the current_url parameter of the admin-ajax.php GalleryBox AJAX call, where the current_url value is embedded into existing JavaScript in the response, allowing arbitrary JavaScript execution. Explo...

CVSS 6.1 · AI score 6.7 · EPSS 0.00446
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/03/26 12:0 a.m. · 3 views

PT-2024-6563 · Campcodes · Campcodes House Rental Management System

Name of the Vulnerable Software and Affected Versions: Campcodes House Rental Management System version 1.0
Description: The issue is related to a lack of protection against SQL query structure exploitation in the Campcodes House Rental Management System. This allows a remote attacker to execute...

CVSS 7.5 · AI score 8.6 · EPSS 0.00645
Exploits: 1 · References: 15

CNVD
added 2024/03/08 12:0 a.m. · 16 views

Customer Support System SQL Injection Vulnerability (CNVD-2024-14030)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

CVSS 9.8 · AI score 8.1 · EPSS 0.00818
Exploits: 1 · References: 1

0day.today
added 2024/03/06 12:0 a.m. · 367 views

Customer Support System 1.0 - Multiple SQL injection Vulnerability

Exploit Title: Customer Support System 1.0 - Multiple SQL injection vulnerabilities
Exploit Author: Geraldo Alcantara
Vendor Homepage: https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
Software Link:...

CVSS 8.8 · AI score 8.9 · EPSS 0.13754
Exploits: 6

Prion
added 2024/03/05 12:15 a.m. · 19 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

AI score 8.6 · EPSS 0.00761
Exploits: 1 · References: 2

Prion
added 2024/03/05 12:15 a.m. · 14 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...

AI score 8.6 · EPSS 0.0115
Exploits: 1 · References: 2

Prion
added 2024/03/05 12:15 a.m. · 23 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customersupport/ajax.php?action=saveticket...

AI score 8.2 · EPSS 0.00818
Exploits: 1 · References: 2

Vulnrichment
added 2024/03/04 12:0 a.m. · 11 views

CVE-2023-49547

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customersupport/ajax.php?action=login...

AI score 8.2 · EPSS 0.0115
Exploits: 1 · References: 2

wpexploit
added 2024/01/31 12:0 a.m. · 141 views

Cookie Information < 2.0.23 - Subscriber+ Arbitrary Options Update

Description: The plugin is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler, allowing any authenticated user, such as a subscriber, to update arbitrary site options. Run the below command in the developer console of the web browser while being on th...

CVSS 6.5 · AI score 8.7 · EPSS 0.0147
Exploits: 2 · References: 1

WPVulnDB
added 2024/01/23 12:0 a.m. · 11 views

Travelpayouts < 1.1.14 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged in admin open the URL below:...

AI score 5.8 · EPSS 0.00318
Exploits: 2 · Affected Software: 1

wpexploit
added 2024/01/23 12:0 a.m. · 135 views

Travelpayouts < 1.1.14 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open the URL below:...

AI score 6 · EPSS 0.00318
Exploits: 2

wpexploit
added 2024/01/10 12:0 a.m. · 167 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

Description: The plugins do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page with the code below...

CVSS 6.1 · AI score 6.1 · EPSS 0.00366
Exploits: 1