Lucene search
K

4048 matches found

CNNVD
CNNVD
added 2022/09/14 12:0 a.m.3 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager has a cross-site scripting vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication...

5.4CVSS6.3AI score0.00524EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.90 views

WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Date: 05/08/2022 Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.59 views

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

7AI score
Exploits0
Prion
Prion
added 2022/08/29 4:15 p.m.20 views

Cross site scripting

HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

5.8CVSS6.2AI score0.00553EPSS
Exploits0References1Affected Software2
Kitploit
Kitploit
added 2022/06/24 9:30 p.m.39 views

Authcov - Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...

7.2AI score
Exploits0References5
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.3 views

BlueCMS SQL注入漏洞

BlueCMS is a content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in BlueCMS version 1.6, which stems from a SQL injection vulnerability in cooike...

9.8CVSS8.6AI score0.01048EPSS
Exploits1References2
CNVD
CNVD
added 2022/04/26 12:0 a.m.24 views

ASUS RT-AX88U Cross-Site Scripting Vulnerability

ASUS RT-AX88U is a wireless router from ASUS China.The ASUS RT-AX88U has a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...

5.4CVSS3.6AI score0.00554EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/22 12:0 a.m.3 views

IBM Cognos Analytics 跨站脚本漏洞

IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. IBM Cognos Analytics has a cross-site scripting vulnerability that could be exploited by an attacker to steal a victim's cookie-based authentication credentials...

5.4CVSS5.2AI score0.00903EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.3 views

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack 2022.1.43563 previously contained a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...

5.4CVSS5.6AI score0.0038EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2022/01/13 12:0 a.m.288 views

SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

7.4AI score
Exploits0
Prion
Prion
added 2022/01/06 9:15 p.m.16 views

Input validation

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

4.3CVSS6.2AI score0.00852EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2022/01/05 12:0 a.m.16 views

WordPress Plugin PowerPack Addons for Elementor Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin PowerPack Addons for Elementor, which stems from the program failing to escape...

6.1CVSS6.1AI score0.00876EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/05 12:0 a.m.20 views

WordPress Plugin Booster for WooCommerce Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce. The vulnerability stems from the program not filterin...

6.1CVSS6.1AI score0.00757EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/05 12:0 a.m.22 views

WordPress plugin LiteSpeed Cache cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin LiteSpeed Cache versions prior to 4.4.4. The vulnerability stems from the program...

4.8CVSS5AI score0.00654EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.113 views

Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation

The plugin does not have capability and CSRF checks in the ewdufaqwelcomeaddfaq and ewdufaqwelcomeaddfaqpage AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions...

5.7CVSS0.00426EPSS
Exploits2References1
0day.today
0day.today
added 2021/12/20 12:0 a.m.403 views

phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...

0.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/11/25 5:6 p.m.37 views

Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Summary IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. Vulnerability Details CVEID:...

9.8CVSS0.8AI score0.02611EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/08/22 12:0 a.m.131 views

GSEOR <= 1.3 - Authenticated SQL Injection

A pageid GET parameter of the plugin is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. GET /wp-admin/admin.php?page=gseor.php&search=1&pageid=1%20AND%20SELECT%206449%20FROM%20SELECTSLEEP5wwdQ HTTP/1.1 Cache-Control: max-age=0...

7.2CVSS1.2AI score0.01467EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/07/25 12:0 a.m.3 views

NCH Quorum 跨站脚本漏洞

NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which could be exploited by attackers to steal cookie-based authentication credentials from victims...

5.4CVSS5.2AI score0.00589EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/07/09 1:44 p.m.103 views

Security Bulletin: A cross-site scripting vulnerability in JQuery affects IBM InfoSphere Information Server

Summary A cross-site scripting vulnerability in JQuery used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...

6.1CVSS6.6AI score0.29726EPSS
Exploits2Affected Software1
Rows per page
Query Builder