6052 matches found
CVE-2020-35127
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS...
CVE-2020-23039
Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name...
CVE-2016-10716
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspaperiod/month URI...
CVE-2019-5955
CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks...
CVE-2019-14987
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions...
CVE-2013-3742
Cross-site scripting (XSS) vulnerability in viewcreate.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message...
CVE-2018-17556
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action...
CVE-2018-20874
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428)...
CVE-2017-8930
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change...
CVE-2016-10715
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7/kanban-view URI...
CVE-2011-4453
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function...
CVE-2018-20919
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)...
CVE-2010-5315
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser...
CVE-2008-7046
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third part...
CVE-1999-0960
IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option...
Malicious code in create-qr-core (npm)
Source: ghsa-malware 58919bf64984f8dcdd4ec2802325f47fd7ef1a21aa8f1cb4d9c64549054122bc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-37974
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device error return. The zpci_create_device function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in clpadd...
DEBIAN-CVE-2025-37974
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device error return. The zpci_create_device function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in clpadd...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked zpci_create_device error return that could result in a null pointer dereference...
Economizzer 0.9-beta1 Cross Site Scripting
Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...