Lucene search
K

341361 matches found

Nuclei
Nuclei
added 9 hours ago30 views

WebsitePanel before v1.2.2.1 - Open Redirect

Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx id: CVE-2012-4032 info: name: WebsitePanel before v1.2.2.1 - Open Redirect author:...

5.8CVSS6.1AI score0.07304EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago58 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. id: CVE-2018-19137 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via...

6.1CVSS6.7AI score0.02891EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago25 views

DOMOS 5.5 - Local File Inclusion

SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. id: CVE-2019-18665 info: name: DOMOS 5.5 - Local File Inclusion author: 0xAkoko severity: high description: | SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. impact: | Successful exploitation of this...

7.5CVSS7.1AI score0.14855EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago30 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago66 views

QCube Cross-Site-Scripting

A reflected cross-site scripting vulnerability in qcubed all versions including 3.1.1 in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. id: CVE-2020-24912 info: name: QCube Cross-Site-Scripting author: pikpikcu severity: medium...

6.1CVSS6.8AI score0.06289EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago57 views

PMB 7.4.6 - Cross-Site Scripting

PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/exportz3950new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticatio...

6.1CVSS6.4AI score0.01169EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago55 views

PowerJob <=4.3.2 - Unauthenticated Access

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...

5.3CVSS6.1AI score0.09545EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago56 views

EpiServer Find <13.2.7 - Open Redirect

EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...

6.1CVSS6.3AI score0.0474EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago59 views

OpenDreambox 2.0.0 - Remote Code Execution

OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...

10CVSS8AI score0.21842EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago39 views

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

5.4CVSS6.7AI score0.04601EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago79 views

WordPress Pie-Register <2.0.19 - Cross-Site Scripting

WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaioncode parameter in a pie-register page to the default URL. id: CVE-2015-7377 info: nam...

4.3CVSS6AI score0.04405EPSS
Exploits3References5
Nuclei
Nuclei
added 9 hours ago36 views

DedeCMS v5.7.111 - Cross-Site Scripting

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting XSS vulnerability via the component selectmediapostwangEditor.php. id: CVE-2023-49494 info: name: DedeCMS v5.7.111 - Cross-Site Scripting author: ritikchaddha severity: medium description: | DedeCMS v5.7.111 was discover...

6.1CVSS6.2AI score0.01176EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago43 views

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manageuser&id=. id: CVE-2022-31975 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...

7.2CVSS7.1AI score0.04863EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago52 views

Atom CMS v2.0 - SQL Injection

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. id: CVE-2022-25488 info: name: Atom CMS v2.0 - SQL Injection author: theamanrawat severity: critical description: | Atom CMS v2.0 was discovered to contain a SQL injection...

9.8CVSS7.2AI score0.07148EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago32 views

Lantronix SecureLinx Spider (SLS) 2.2+ - Cross-Site Scripting

Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp login page. id: CVE-2018-10383 info: name: Lantronix SecureLinx Spider SLS 2.2+ - Cross-Site Scripting author: ritikchaddha severity: medium description: | Lantronix SecureLinx Spider SLS 2.2+ devices have XSS in the auth.asp...

6.1CVSS6.4AI score0.01912EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago25 views

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.2AI score0.29451EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago1013 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6.5AI score0.03747EPSS
Exploits0References5
Nuclei
Nuclei
added 9 hours ago48 views

WordPress Feed Them Social <3.0.1 - Cross-Site Scripting

WordPress Feed Them Social plugin before 3.0.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before outputting it back in the page. id: CVE-2022-2383 info: name: WordPress Feed Them Social 3.0.1 - Cross-Site Scripting author: akincibor...

6.1CVSS6.3AI score0.04873EPSS
Exploits2References5
Nuclei
Nuclei
added 9 hours ago77 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Entities feature /index.php?module=entities/entities of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New Entity"...

5.4CVSS6.2AI score0.00874EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago21 views

Chaty < 2.8.2 - Cross-Site Scripting

The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting. id: CVE-2021-25016 info: name: Chaty 2.8.2 - Cross-Site Scripting...

6.1CVSS6.4AI score0.01806EPSS
Exploits2References3
Rows per page
Query Builder