Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

NVD
NVDadded 2024/10/15 8:15 a.m.8 views

CVE-2024-9982

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...

9.8CVSS0.01705EPSS
Exploits0References2
CVE
CVEadded 2024/10/15 8:4 a.m.37 views

CVE-2024-9982

CVE-2024-9982 affects Esi Technology’s AIM LINE Marketing Platform. The vulnerability arises from improper validation of a specific query parameter, enabling an unauthenticated attacker to inject arbitrary FetchXml commands when the LINE Campaign Module is enabled, with read/modify/delete access ...

9.8CVSS9.7AI score0.01705EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/10/15 8:4 a.m.7 views

CVE-2024-9982 ESi Technology AIM LINE Marketing Platform - SQL Injection

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...

9.8CVSS7.4AI score0.01705EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/10/15 8:4 a.m.18 views

CVE-2024-9982 ESi Technology AIM LINE Marketing Platform - SQL Injection

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content...

9.8CVSS0.01705EPSS
Exploits0References2
OSV
OSVadded 2024/03/06 11:3 a.m.16 views

BIT-PHPLIST-2020-23208

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...

5.4CVSS5.5AI score0.00286EPSS
Exploits1References1
OSV
OSVadded 2021/07/02 6:15 p.m.14 views

CVE-2020-36398

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

5.4CVSS5.6AI score
Exploits0References1
NVD
NVDadded 2021/07/02 6:15 p.m.10 views

CVE-2020-36398

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

5.4CVSS0.00191EPSS
Exploits1References1
Prion
Prionadded 2021/07/02 6:15 p.m.11 views

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

3.5CVSS5.3AI score0.00191EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2021/07/02 12:0 a.m.1 views

PhpList 跨站脚本漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary Web script or HTML via the "Campaign" field under the "Send...

5.4CVSS5.6AI score0.00191EPSS
Exploits1References1
Rows per page
Query Builder