Lucene search
K

21 matches found

Cvelist
Cvelist
added 2026/04/13 12:0 a.m.22 views

CVE-2026-36948

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/viewarchive.php...

0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 5:27 p.m.4 views

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/21 5:27 p.m.3 views

CVE-2021-47872 SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3824

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-4356

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00251EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/26 3:28 p.m.16 views

CVE-2025-27280

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...

6.5CVSS7.2AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2025/02/24 3:15 p.m.5 views

CVE-2025-27280

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...

6.5CVSS0.00251EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/02/24 3:11 p.m.4 views

WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Archive Page versions = 1.0.2...

6.5CVSS5.8AI score0.00251EPSS
Exploits0Affected Software1
CVE
CVE
added 2025/02/24 2:48 p.m.62 views

CVE-2025-27280

CVE-2025-27280 : WordPress Archive Page plugin (versions n/a–1.0.1) suffers a DOM-Based XSS due to improper input neutralization during page generation. Exploitation is reported as an authenticated (Contributor+) Stored XSS. Remediation: upgrade to a fixed release (1.0.2 or later) once available.

6.5CVSS7.2AI score0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/24 2:48 p.m.6 views

CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...

6.5CVSS8.6AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/24 2:48 p.m.19 views

CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...

6.5CVSS0.00251EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/24 12:0 a.m.3 views

PT-2025-7725 · Unknown · Alobaidi Archive Page

Name of the Vulnerable Software and Affected Versions: Alobaidi Archive Page versions n/a through 1.0.1 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically DOM-Based XSS...

6.5CVSS8.6AI score0.00251EPSS
Exploits0References3
OSV
OSV
added 2024/06/15 2:15 a.m.6 views

CVE-2024-3815

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.8CVSS6AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2024/06/15 2:15 a.m.34 views

CVE-2024-3815

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

5.5CVSS0.00279EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/15 12:0 a.m.10 views

PT-2024-27893 · WordPress · Newspaper Theme For Wordpress

Name of the Vulnerable Software and Affected Versions: Newspaper theme for WordPress versions up to, and including, 12.6.5 Description: The issue is related to Stored Cross-Site Scripting via attachment meta in the archive page due to insufficient input sanitization and output escaping on user...

5.5CVSS6.2AI score0.00279EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2023/05/29 7:14 a.m.4 views

Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims

A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software e.g., WinRAR in the browser and use a .zip domain to make it...

6.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/07/09 12:0 a.m.6 views

The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman mailing system allows a intruder to inject arbitrary content.

The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary content using a specially created request...

5.4CVSS6.4AI score0.01888EPSS
Exploits0References10Affected Software3
NVD
NVD
added 2020/06/24 12:15 p.m.18 views

CVE-2020-15011

GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...

4.3CVSS0.01888EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2020/06/24 11:34 a.m.28 views

CVE-2020-15011

Removed by vendor...

4.3CVSS6.1AI score0.01888EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2016/01/06 12:54 p.m.7 views

tagesschau.de XSS vulnerability

Vulnerable URL: http://www.tagesschau.de/mehr/archiv/hintergruende-archiv100.html?correspondent=number=2=1'"alert'XSSPOSED'...

6.9AI score
Exploits0
Rows per page
Query Builder