25 matches found
PT-2026-39492
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...
More reporting GLPI plugin SQL injection vulnerability
The More Reporting GLPI plugin is an open-source report generation plugin developed by GLPI Project Plugins. Versions of the More Reporting GLPI plugin prior to 1.9.4 contained a SQL injection vulnerability, which stemmed from SQL injection issues when date fields were modified...
PT-2025-44539
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports interface through values from the startdate and enddate fields. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a...
EUVD-2002-1034
Malware in sbrugna...
Visitor Management System query_data.php File SQL Injection Vulnerability
Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter dateF/dateP in the file /querydata.php. An attacker can exploit...
CVE-2025-8947
CVE-2025-8947 concerns the projectworlds Visitor Management System 1.0. The vulnerability lies in the /query_data.php processing of the dateF/dateP parameters, where unsafely built SQL queries allow an attacker to perform SQL injection. Public disclosure indicates remote exploitation and potentia...
Projectworlds Visitor Management System injection vulnerability
Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter dateF/dateP in the file /querydata.php. An attacker can exploit...
Prison Management System cross-site scripting vulnerability
Prison Management System is a prison management system by the individual developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester Prison Management System version 1.0, which stems from a cross-site scripting (XSS) vulnerability in the parameters txtstartdate/txttenddat...
CVE-2024-22776
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...
Business-Dna Solution GmbH TopEase Input Validation Error Vulnerability (CNVD-2021-95576)
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. An input validation error vulnerability exists in Business-Dna Solution GmbH...
CVE-2021-42121
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 on an object’s date attributes allows an authenticated remote attacker with Object Modification privileges to insert an unexpected format into date fields, which leads t...
Business-Dna Solution GmbH TopEase input validation error vulnerability
Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. An input validation error vulnerability exists in Business-Dna Solution GmbH...
CVE-2012-2593
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title...
CVE-2014-5169
Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title...
CVE-2012-2591
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email...
CVE-2013-6793
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 b20130821 N1 allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field...