Lucene search
K

1339 matches found

NVD
NVD
added 2022/09/07 10:15 p.m.36 views

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

6.1CVSS0.01781EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/09/07 10:15 p.m.36 views

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

6.1CVSS6.3AI score0.01781EPSS
Exploits0References2
OSV
OSV
added 2022/09/07 10:15 p.m.13 views

UBUNTU-CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

6.1CVSS6.3AI score0.01781EPSS
Exploits0References3
CVE
CVE
added 2022/09/07 9:14 p.m.56 views

CVE-2022-38254

Nagios XI before v5.8.7 contains an XSS vulnerability in the ajax.php script within CCM 3.1.5. The issue allows injection of malicious scripts if a user visits or interacts with affected pages. Affected product: Nagios XI; affected component: ajax.php in CCM 3.1.5; root cause: cross‑site scriptin...

6.1CVSS6AI score0.01781EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2022/09/07 9:14 p.m.5 views

EUVD-2022-40846

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

6.1CVSS6AI score0.01781EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.416 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made As unauthenticated, make a reservation ie on a page where the reservationform is embed and...

6.1CVSS0.3AI score0.83373EPSS
Exploits2
wpexploit
wpexploit
added 2022/08/29 12:0 a.m.638 views

Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi

The plugin does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections POST /wp-admin/admin-ajax.php HTTP/1.1 Accept:...

9.8CVSS1.6AI score0.09675EPSS
Exploits5
wpexploit
wpexploit
added 2022/08/19 12:0 a.m.125 views

Craw Data <= 1.0.0 - Server Side Request Forgery

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites SSRF. When configuring the CrawData addon, the request is as follows GET...

4.3CVSS0.3AI score0.00552EPSS
Exploits2
NVD
NVD
added 2022/08/16 7:15 p.m.16 views

CVE-2022-2843

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

6.1CVSS0.0047EPSS
Exploits0References1
Prion
Prion
added 2022/08/16 7:15 p.m.14 views

Cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

5.8CVSS6AI score0.0047EPSS
Exploits0References1
CVE
CVE
added 2022/08/16 6:50 p.m.63 views

CVE-2022-2843

CVE-2022-2843 affects MotoPress Timetable and Event Schedule (WordPress plugin). The vulnerability exists in the Quick Edit path via /wp-admin/admin-ajax.php, where manipulating the post_title parameter with the payload triggers cross-site scripting. Exploitation may be remote. The issue is docu...

6.1CVSS4.8AI score0.0047EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/16 6:50 p.m.23 views

CVE-2022-2843 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

3.5CVSS6.2AI score0.0047EPSS
Exploits0References1
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.139 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS1.7AI score0.00308EPSS
Exploits2
wpexploit
wpexploit
added 2022/06/15 12:0 a.m.492 views

Ninja Forms < 3.6.11 - Unauthenticated PHP Object Injection

The plugin does not validate merge tags provided in the request, which could allow unauthenticated attackers to call any static method present in the blog. One from the plugin in particular could allow for PHP Object Injection when a suitable gadget is also present on the blog. Attackers have bee...

8AI score
Exploits0References2
Cvelist
Cvelist
added 2022/06/02 4:1 p.m.21 views

CVE-2022-32020

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=savesettings...

9.8AI score0.01868EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/05/31 12:0 a.m.79 views

Visualizer < 3.7.7 - Reflected Cross-Site Scripting

The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart&library=yes&chart=6190&tab=visualizer&a"alert/XSS/...

0.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.23 views

Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS5.9AI score0.01687EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/13 1:12 a.m.12 views

GHSA-FRHC-9HWC-X7J3 Moodle allows attackers to obtain sensitive information

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...

4CVSS5.5AI score0.01687EPSS
Exploits0References9
GithubExploit
GithubExploit
added 2022/05/09 2:12 p.m.271 views

Exploit for CVE-2022-28590

CVE-2022-28590 The original discovery and manual PoC is from...

7.2CVSS7.6AI score0.24028EPSS
Exploits2
NVD
NVD
added 2022/05/03 2:15 p.m.26 views

CVE-2022-28590

A Remote Code Execution RCE vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...

7.2CVSS0.24028EPSS
Exploits2References1
Rows per page
Query Builder