Lucene search
K

13 matches found

EUVD
EUVD
added 2026/06/23 10:27 p.m.10 views

EUVD-2026-37954

phpMyFAQ: Missing userHasPermission in 4 API write endpoints CVE-2026-24421 Incomplete Fix...

6.5CVSS5.8AI score0.01734EPSS
Exploits3References3
CVE
CVE
added 2026/06/18 9:12 p.m.18 views

CVE-2026-49205

phpMyFAQ versions before 4.1.4 have Missing Authorization in the API CategoryController, where four write endpoints (POST /api/v4.0/category, POST /api/v4.0/faq, PUT /api/v4.0/faq, POST /api/v4.0/question) relied on a shared token check instead of per-user permissions. This allowed insufficient a...

6.5CVSS5.3AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/21 10:12 p.m.6 views

CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...

7.1CVSS5.9AI score0.00166EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/14 11:12 p.m.9 views

WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)

Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...

7.1CVSS6.1AI score0.00166EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/05 6:30 p.m.6 views

GHSA-6W5W-JX4X-VJVW Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.3CVSS6.2AI score0.0027EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/05 6:30 p.m.7 views

Microweber Cross-site Scripting vulnerability

There is a Cross-site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The...

6.1CVSS6.2AI score0.0027EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/05 5:16 p.m.7 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added 2026/02/05 12:0 a.m.11 views

CVE-2025-70792

A cross-site scripting vulnerability (CVE-2025-70792) affects Microweber up to version 2.0.19, exposed via the /admin/category/create endpoint. The root cause is unsanitized manipulation of the rel_id parameter in a crafted URL, which can lure an admin-privileged user to visit the page and trigge...

6.1CVSS6.1AI score0.0027EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/05 12:0 a.m.23 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

0.0027EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/05 12:0 a.m.7 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1CVSS6.1AI score0.0027EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/05 12:0 a.m.4 views

CVE-2025-70792

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "relid" parameter in a crafted URL and lure a user with admin privileges into visiting it, achieving JavaScript code execution in the victim's browser. The issue was...

6.1AI score0.0027EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.6 views

Microweber 安全漏洞

Microweber is an open-source online store management system that provides drag-and-drop functionality. This system includes modules for adding products and images. Version 2.0.19 of Microweber has a security vulnerability. This vulnerability stems from the /admin/category/create endpoint, which...

6.1CVSS5.5AI score0.0027EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.88 views

📄 Economizzer 0.9-beta1 Cross Site Scripting

Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting XSS vulnerability exists in gugoan's Economizzer v.0.9-beta1 The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...

6.8AI score
Exploits0
Rows per page
Query Builder