Lucene search
K

66 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-29464

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00753EPSS
Exploits1References2
Veracode
Veracode
added 2025/04/28 7:18 a.m.10 views

Cross-site Scripting (XSS)

org.opencms, opencms-core is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper handling of the author parameter under the Create/Modify article function, allowing attackers to inject arbitrary web scripts or HTML via a crafted payload...

5.4CVSS5.1AI score0.00228EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2025/04/18 6:31 p.m.3 views

GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

5.4CVSS6AI score0.00228EPSS
Exploits3References4
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.7 views

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from improper handling of the author parameter and could lead to a stored cross-site scripting attack...

5.4CVSS5.7AI score0.00228EPSS
Exploits3References1
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.5 views

The vulnerability of the HUSKY plugin – Products Filter Professional for WooCommerce (formerly WOOF) of the WordPress content management system – relates to the failure to protect the SQL query structure. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the HUSKY plugin – Products Filter Professional for WooCommerce previously WOOF of the WordPress content management system – is related to the lack of protection for the SQL query structure when processing the woofauthor parameter. Exploiting this vulnerability allows an...

10CVSS5.6AI score0.19725EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.8 views

PT-2024-5249

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is related to a time-based SQL Injection vulnerability via the woof author parameter. This vulnerability is...

9.8CVSS5.9AI score0.19725EPSS
Exploits0References13
OSV
OSV
added 2024/02/27 9:15 a.m.5 views

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

5.3CVSS5.8AI score0.00482EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/07/07 12:0 a.m.5 views

ThinuTech ThinuCMS 跨站脚本漏洞

ThinuTech ThinuCMS is a fast and secure PHP blogging system from ThinuTech. A cross-site scripting vulnerability exists in ThinuTech ThinuCMS version 1.5, which stems from the parameter author in the file /authorposts.php that causes cross-site scripting...

6.1CVSS4.2AI score0.00357EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.8 views

PT-2023-25214 · Thinutech · Thinucms

Name of the Vulnerable Software and Affected Versions: ThinuTech ThinuCMS version 1.5 Description: A vulnerability has been found in an unknown functionality of the file /author posts.php. The manipulation of the argument author with the input g6g12alert1o8sdm leads to cross site scripting. The...

6.1CVSS6.4AI score0.00357EPSS
Exploits0References4
Huntr
Huntr
added 2023/01/01 12:3 p.m.20 views

Stored XSS via blog author parameter on admin.php?p=config

Description The blog author parameter is unsanitized on the page admin.php?p=config. In this way is possible to inject arbitrary javascript code Proof of Concept - Login as regular user - Go to http://localhost/flatpress/admin.php?p=config - Set as blog author "alertdocument.domain - Refresh page...

4.9CVSS5.9AI score0.00479EPSS
Exploits1
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.6 views

Simple Online Book Store System 跨站脚本漏洞

Simple Online Book Store System is a simple online bookstore system by Carlo Montero, an individual developer. A security vulnerability in the Title, Author, and Description parameters of the adminbook.php file in Simple Online Book Store System version 1.0 can be exploited to cause cross-site...

5.4CVSS5.5AI score0.00419EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/09/11 12:0 a.m.9 views

PT-2022-24074 · Unknown · Simple Online Book Store System

Name of the Vulnerable Software and Affected Versions: Simple Online Book Store System version 1.0 Description: The issue concerns Cross Site Scripting XSS in the /admin book.php file, where the Title, Author, and Description parameters are vulnerable. This allows for potential malicious script...

5.4CVSS5.2AI score0.00419EPSS
Exploits1References4
OSV
OSV
added 2022/09/06 6:15 p.m.6 views

CVE-2022-2939

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...

5.3CVSS6AI score0.00688EPSS
Exploits0References2
NVD
NVD
added 2022/09/06 6:15 p.m.30 views

CVE-2022-2939

The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the /cerber-load.php file. In...

5.3CVSS0.00688EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-19570 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including 9.0 Description: The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass, making user enumeration possible. This is due to improper validati...

5.3CVSS5.2AI score0.00688EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/08/31 6:15 p.m.6 views

CVE-2022-38812

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...

6.5CVSS5.9AI score0.02181EPSS
Exploits1References4
OSV
OSV
added 2022/08/31 6:15 p.m.4 views

CVE-2022-38812

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...

6.5CVSS5.8AI score0.02181EPSS
Exploits1References2
NVD
NVD
added 2022/08/31 6:15 p.m.23 views

CVE-2022-38812

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...

6.5CVSS0.02181EPSS
Exploits1References2
Prion
Prion
added 2022/08/31 6:15 p.m.16 views

Sql injection

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...

4CVSS6.9AI score0.02181EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/08/31 5:52 p.m.31 views

CVE-2022-38812

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter...

7.2AI score0.02181EPSS
Exploits1References2
Rows per page
Query Builder