CVE-2023-1569
A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument UNAME with the input alert'1' leads to cross site scripting...
CVE-2023-1569 SourceCodester E-Commerce System cross site scripting
A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument UNAME with the input alert'1' leads to cross site scripting...
CVE-2023-1507
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY...
Cross site scripting
A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY...
Cross site scripting
A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument UNAME leads ...
Cross site scripting
Cross Site Scripting XSS vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code...
CVE-2022-40348
Cross Site Scripting XSS vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code...
CVE-2022-40348
CVE-2022-40348 affects Intern Record System v1.0, vulnerable in /intern/controller.php where the name and email fields are unsafely handled, allowing stored/reflected XSS to trigger arbitrary script execution in the context of the affected site. Public references (NVD/Red Hat/CVE listings) descri...
CVE-2022-40347
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information...
Sql injection
SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information...
Cross-site Scripting (XSS)
phpxmlrpc/phpxmlrpc is vulnerable to cross-site scripting attacks. Since the debugger is not designed to be exposed to end users or web requests it is possible for remote attackers to inject and execute malicious JavaScript via the activateeditor function of controller.php...
Denial Of Service (DoS)
Concrete CMS is vulnerable to denial of service. The vulnerability exists in multiple functions of controller.php due to insufficient validation of user-supplied input within the forever cookie, which allows an attacker to crash the application via malicious input...
CVE-2022-37299
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php...
OpenEMR cross-site scripting vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...
CVE-2022-23409
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...
Design/Logic Flaw
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php...