Lucene search
K

7 matches found

Cvelist
Cvelist
added 2022/07/17 10:36 a.m.19 views

CVE-2022-2151 Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00493EPSS
Exploits2References1
CVE
CVE
added 2022/07/17 10:36 a.m.65 views

CVE-2022-2151

CVE-2022-2151 affects the WordPress plugin “Best Contact Management Software” up to version 3.7.3. The issue is a failure to sanitize/escape certain plugin settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admin) even when unfiltered_html is disallowed. The vulne...

4.8CVSS4.7AI score0.00493EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/06/21 12:0 a.m.23 views

Best Contact Management Software <= 3.7.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the "No Access Message" settings...

4.8CVSS3.2AI score0.00493EPSS
Exploits2Affected Software1
Prion
Prion
added 2009/03/02 7:30 p.m.12 views

Sql injection

SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS9.1AI score0.00973EPSS
Exploits1References3
NVD
NVD
added 2009/03/02 7:30 p.m.14 views

CVE-2008-6389

SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.4AI score0.00973EPSS
Exploits1References3
CVE
CVE
added 2009/03/02 7:0 p.m.47 views

CVE-2008-6389

The CVE-2008-6389 entry concerns a SQL injection in Rae Media Contact Management Software (SOHO, Standard, Enterprise) via asadmin/default.asp, exploited through the Password parameter. Root cause: improper handling of input in the Password field leads to arbitrary SQL execution by remote attacke...

7.5CVSS8.7AI score0.00973EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2009/03/02 7:0 p.m.25 views

CVE-2008-6389

SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information...

8.4AI score0.00973EPSS
Exploits1References3
Rows per page
Query Builder