Lucene search
K

79 matches found

CNNVD
CNNVD
added 2025/04/20 12:0 a.m.6 views

SourceCodester Web-based Pharmacy Product Management System 代码注入漏洞

SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source Web-based pharmacy product management system. A code injection vulnerability exists in version 1.0 of the SourceCodester Web-based Pharmacy Product Management System due to a code injection of the paramete...

5.4CVSS4.3AI score0.0037EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.3 views

Prison Management System 跨站脚本漏洞

Prison Management System is a prison management system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Prison Management System version 1.0, which stems from /Admin/changepassword.php containing unknown processing, which leads to cross-site...

5.4CVSS4.3AI score0.00478EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2023/09/26 12:0 a.m.7 views

The vulnerability of the auth_changepassword.php component of the Cacti network monitoring software allows a attacker to perform XSS attacks.

The vulnerability of the authchangepassword.php component of the Cacti network monitoring software is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

10CVSS6.2AI score0.00719EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/08/22 7:16 p.m.1 views

DEBIAN-CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References1
OSV
OSV
added 2023/08/22 7:16 p.m.11 views

UBUNTU-CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

6.1CVSS5.8AI score0.00719EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.6 views

Cacti 跨站脚本漏洞

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti 0.8.7g and earlier...

6.1CVSS6.1AI score0.00719EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.34 views

SUSE CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1CVSS6.4AI score0.07124EPSS
Exploits0References3
OSV
OSV
added 2023/02/02 9:15 a.m.5 views

CVE-2023-0641

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password...

9.1CVSS4.7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/02 12:0 a.m.6 views

PT-2023-16418 · Unknown · Phpgurukul Employee Leaves Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Employee Leaves Management System version 1.0 Description: A vulnerability was found in the PHPGurukul Employee Leaves Management System, affecting an unknown functionality of the file changepassword.php. The manipulation of the...

9.1CVSS4.7AI score0.01005EPSS
Exploits1References6
CNNVD
CNNVD
added 2023/01/11 12:0 a.m.6 views

Lead Management System SQL注入漏洞

Lead management system is a lead management system developed by Mayuri K. The Lead Management System v1.0 version is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements in the userid parameter of changePassword.php. An attacker could use this...

9.8CVSS7.7AI score0.00872EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.4 views

nopCommerce 输入验证错误漏洞

nopCommerce is an open source general purpose e-commerce platform. A security vulnerability exists in nopCommerce versions 4.10 to 4.50.1, which is caused by an open redirection in the ChangePassword function, SignInCustomerAsync function, SuccessAuthentication method, and NopRedirectResultExecut...

6.1CVSS6.2AI score0.00652EPSS
Exploits1References3
OSV
OSV
added 2022/01/19 9:15 p.m.3 views

DEBIAN-CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

6.1CVSS6.3AI score0.07124EPSS
Exploits0References1
NVD
NVD
added 2021/12/20 9:15 a.m.27 views

CVE-2021-44554

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...

5.3CVSS0.01029EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/12/20 8:31 a.m.29 views

CVE-2021-44554

Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS Windows through the /changePassword URI. By accessing the vector, an attacker can determine if a username exists thanks to the message returned; it can be presented in different languages according to...

5.5AI score0.01029EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.6 views

Cybele Software Thinfinity VirtualUI 代码问题漏洞

Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. A code issue vulnerability exists in Thinfinity VirtualUI because the product...

5.3CVSS5.9AI score0.01029EPSS
Exploits1References2
NVD
NVD
added 2021/12/13 2:15 a.m.16 views

CVE-2021-44848

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5.3CVSS0.23141EPSS
Exploits4References2
Prion
Prion
added 2021/12/13 2:15 a.m.13 views

Authentication flaw

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists...

5CVSS5.8AI score0.23141EPSS
Exploits4References2Affected Software1
CVE
CVE
added 2021/12/13 1:8 a.m.76 views

CVE-2021-44848

Thinfinity VirtualUI (before 3.0) has a user-enumeration flaw in /changePassword: responses differ based on whether the username exists, enabling an attacker to determine valid usernames (e.g., Administrator, Guest). This credential disclosure stems from the authentication response behavior and i...

5.3CVSS5.7AI score0.23141EPSS
Exploits4References2Affected Software1
Packet Storm
Packet Storm
added 2020/07/09 12:0 a.m.209 views

BSA Radar 1.6.7234.24750 Cross Site Request Forgery

Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Date: 2020-06-22 Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-14944 Description: The Global RADAR BSA Radar...

7.5CVSS0.5AI score0.06338EPSS
Exploits6
0day.today
0day.today
added 2020/07/08 12:0 a.m.172 views

BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password) Vulnerability

Exploit for hardware platform in category web applications Exploit title: BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery Change Password Exploit Author: William Summerhill Vendor Homepage:bhttps://www.globalradar.com/ Version: BSA Radar - Version 1.6.7234.24750 and lower CVE: CVE-2020-1494...

7.5CVSS0.4AI score0.06338EPSS
Exploits6
Rows per page
Query Builder