
32 matches found

Github Security Blog
added 2026/02/03 12:30 a.m., 5 views

Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 3 | Affected Software: 1

Snyk
added 2026/02/03 12:30 a.m., 5 views

Cross-site Scripting (XSS)

Overview intelliants/subrion is an open source php content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the installation process when user-supplied input is injected into the dbuser, dbpwd, or dbname parameters. An attacker can execute...

CVSS 6.1 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 2

OSV
added 2026/02/03 12:30 a.m., 1 view

GHSA-9JJM-MC56-3QXV Subrion CMS vulnerable to cross-site scripting

Multiple reflected Cross-site Scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allow attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 3

NVD
added 2026/02/02 11:16 p.m., 4 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | EPSS 0.00016
Exploits: 1 | References: 1

OSV
added 2026/02/02 11:16 p.m., 3 views

CVE-2025-70958

Multiple reflected cross-site scripting XSS vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters...

CVSS 6.1 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 1

CVE
added 2026/02/02 12:0 a.m., 6 views

CVE-2025-70958

Subrion CMS v4.2.1 installation module is affected by multiple reflected XSS vulnerabilities. The issue allows an attacker to execute arbitrary JavaScript in the context of a user’s browser by injecting a crafted payload into the dbuser, dbpwd, or dbname parameters during installation. The CVE de...

CVSS 6.1 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/12/19 2:9 p.m., 1 view

CVE-2025-63948

A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVSS 5.4 | AI score 8 | EPSS 0.00034
Exploits: 1 | References: 1

OSV
added 2025/12/18 9:15 p.m., 0 views

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

CVSS 5.4 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52344

Name of the Vulnerable Software and Affected Versions phpMsAdmin version 2.2 Description A SQL Injection issue exists in the database mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...

CVSS 5.4 | AI score 8 | EPSS 0.00034
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52343

Name of the Vulnerable Software and Affected Versions phpMsAdmin version 2.2 Description A Reflected Cross-Site Scripting XSS issue exists in the database mode.php file. After a user is authenticated, an attacker can execute arbitrary web script or HTML via the dbname parameter. Recommendations...

CVSS 5.4 | AI score 5.6 | EPSS 0.00024
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/18 12:0 a.m., 1 view

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

AI score 5.3 | EPSS 0.00024
Exploits: 0 | References: 2

Cvelist
added 2025/12/18 12:0 a.m., 13 views

CVE-2025-63947

A Reflected Cross-Site Scripting XSS vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter after a user is authenticated...

EPSS 0.00024
Exploits: 0 | References: 2

CVE
added 2025/12/18 12:0 a.m., 3 views

CVE-2025-63947

PHPMsAdmin 2.2 contains a reflected XSS in database_mode.php via the dbname parameter after authentication. The flaw allows execution of arbitrary script/HTML in the user context. Root cause: unfiltered dbname input. Impact is XSS with low confidentiality/integrity impact per provided metrics; no...

CVSS 5.4 | AI score 5.3 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2008-0136

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.01066
Exploits: 2 | References: 11

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2000-0286

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.05424
Exploits: 1 | References: 3

OSV
added 2025/06/03 2:15 p.m., 3 views

CVE-2025-46154

Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php...

CVSS 8.4 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 1

CNNVD
added 2025/06/03 12:0 a.m., 1 view

FoxCMS security vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.5, which is caused by SQL time injection in the $POST dbname parameter in installdb.php...

CVSS 8.4 | AI score 7.7 | EPSS 0.001
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:9 a.m., 2 views

SUSE CVE-2008-0123

Cross-site scripting XSS vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete...

CVSS 4.3 | AI score 6.1 | EPSS 0.01066
Exploits: 2 | References: 4

OSV
added 2019/10/16 10:15 p.m., 0 views

CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 3

NVD
added 2019/10/16 10:15 p.m., 5 views

CVE-2019-17608

HongCMS 3.0.0 has XSS via the install/index.php dbname parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00419
Exploits: 1 | References: 3