Lucene search
K

85 matches found

Vulnrichment
Vulnrichment
added 2025/05/22 5:33 p.m.8 views

CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...

6.3CVSS5.2AI score0.00214EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.8 views

CVE-2020-19290

A stored cross-site scripting XSS vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section...

5.4CVSS5.5AI score0.00545EPSS
Exploits1
NVD
NVD
added 2024/09/19 11:15 p.m.26 views

CVE-2024-9008

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotel...

9.8CVSS0.00644EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/09/19 11:0 p.m.23 views

CVE-2024-9008 SourceCodester Best Online News Portal Comment Section news-details.php sql injection

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotel...

6.5CVSS0.00644EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/09/19 11:0 p.m.11 views

CVE-2024-9008 SourceCodester Best Online News Portal Comment Section news-details.php sql injection

A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section. The manipulation of the argument name leads to sql injection. The attack can be initiated remotel...

6.5CVSS7.5AI score0.00644EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.11 views

PT-2024-39363 · Unknown · Sourcecodester Best Online News Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Online News Portal version 1.0 Description: A critical vulnerability was found in the Comment Section of the SourceCodester Best Online News Portal. The issue affects unknown code in the file /news-details.php. The...

9.8CVSS8.3AI score0.00644EPSS
Exploits1References11
Veracode
Veracode
added 2023/08/03 5:19 a.m.25 views

Cross-Site Scripting (XSS)

github.com/answerdev/answer is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the comment section of index.tsx, allowing an attacker to inject and execute malicious javascript...

5.4CVSS6.6AI score0.0044EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2023/06/23 12:0 a.m.378 views

fastCMS Blogging 3.1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Veracode
Veracode
added 2022/11/29 3:1 a.m.14 views

Cross-site Scripting (XSS)

backdrop/backdrop is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the comment section in the library, allowing an attacker to inject and execute malicious javascript...

4.8CVSS5.3AI score0.00774EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/15 2:24 p.m.5 views

CVE-2022-42000 Potential XSS in comment section

Cross-site Scripting XSS vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage...

3.3CVSS5.3AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2022/08/29 6:15 p.m.17 views

CVE-2022-1663

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...

6.5CVSS0.00546EPSS
Exploits2References1
Prion
Prion
added 2022/08/29 6:15 p.m.17 views

Cross site request forgery (csrf)

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...

6.4CVSS6.5AI score0.00546EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/08/29 2:40 p.m.13 views

CVE-2022-1663 Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...

6.7AI score0.00546EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/08/08 12:0 a.m.18 views

Stop Spam Comments <= 0.2.1.2 - Access Token Bypass

The plugin does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. PoC Collect the name and value of ssckey for the target post and use it on the request. curl...

6.5CVSS2.3AI score0.00546EPSS
Exploits2Affected Software1
NVD
NVD
added 2022/06/16 5:15 p.m.24 views

CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS0.01149EPSS
Exploits1References3
OSV
OSV
added 2022/06/16 5:15 p.m.4 views

CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

5.4CVSS6.2AI score0.01149EPSS
Exploits1References3
Prion
Prion
added 2022/06/16 5:15 p.m.17 views

Cross site scripting

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

3.5CVSS5.4AI score0.01149EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/03 12:0 a.m.7 views

PT-2022-9493 · WordPress · Stars Rating Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Stars Rating WordPress plugin versions prior to 3.5.1 Description: The issue allows submission of a long integer, causing a Denial of Service in the comments section or pending comment dashboard, depending on whether the user sent it as...

7.5CVSS7.5AI score0.01553EPSS
Exploits2References5
Prion
Prion
added 2021/09/09 11:15 p.m.13 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the /weibo/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Weibo comment section...

3.5CVSS5.2AI score0.00545EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/04/30 9:15 p.m.4 views

CVE-2021-21544

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user...

2.7CVSS5.8AI score0.00921EPSS
Exploits0References1
Rows per page
Query Builder