Lucene search
K

360 matches found

CVE
CVE
added 2025/08/26 1:2 a.m.26 views

CVE-2025-9434

The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...

6.1CVSS6.5AI score0.00337EPSS
Exploits1References4Affected Software1
Hacker One
Hacker One
added 2025/08/03 6:4 p.m.7 views

U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter

A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the website, specifically through the EVENTDESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...

5.9AI score
Exploits0
CNVD
CNVD
added 2025/07/25 12:0 a.m.6 views

TOTOLINK A3300R Command Injection Vulnerability

TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.596B20250515, which stems from the mac and desc parameters failing to correctly filter constructed command special characters, commands, a...

9.8CVSS7.9AI score0.05177EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.9 views

The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the sub4197C0 function in TOTOLINK A3300R router microprogramming systems is related to the lack of measures taken to neutralize special elements during the processing of mac and desc parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

10CVSS5.9AI score0.05177EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/07/17 4:15 p.m.3 views

CVE-2025-52046

Totolink A3300R V17.0.0cu.596B20250515 was found to contain a command injection vulnerability in the sub4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...

9.8CVSS6.1AI score0.05177EPSS
Exploits1References2
OSV
OSV
added 2025/07/14 1:15 a.m.5 views

CVE-2025-7558

A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/positionsadd.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit...

8.8CVSS5.8AI score
Exploits0References5
CNVD
CNVD
added 2025/06/27 12:0 a.m.1 views

Notice Board System manage-notices.php file cross-site scripting vulnerability

Notice Board System is a bulletin board system. Notice Board System has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameters Title/Description in the file /admin/manage-notices.php, which can be...

5.4CVSS4.4AI score0.00222EPSS
Exploits0References1
CNVD
CNVD
added 2025/06/11 12:0 a.m.3 views

Complaint Management System /admin/edit-state.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter description in the /admin/edit-state.php file. An attacker can explo...

8.8CVSS8.2AI score0.00325EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.5 views

iSoluçõesWEB SoluçõesCoop 代码注入漏洞

iSoluçõesWEB SoluçõesCoop is a management system for iSoluçõesWEB in Brazil. A code injection vulnerability exists in iSoluçõesWEB SoluçõesCoop 20250519 and earlier versions, which results from a cross-site scripting attack due to incorrect manipulation of the Descrição da solicitação parameter o...

5.4CVSS4.7AI score0.00285EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/05 12:0 a.m.3 views

PHPGurukul Complaint Management System 注入漏洞

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter description in the /admin/edit-category.php file. An attacker can...

8.8CVSS8.1AI score0.00325EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/26 12:0 a.m.4 views

pixelimity 注入漏洞

pixelimity is pixelimity open source a content management system . pixelimity 1.0 version of an injection vulnerability , the vulnerability stems from the file /install/index.php parameter sitedescription in the wrong operation leads to SQL injection...

9.8CVSS5.6AI score0.00356EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 10:25 a.m.13 views

CVE-2024-40473

A Stored Cross Site Scripting XSS vulnerability was found in "managehouses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "Houseno" and "Description" parameter fields...

5.4CVSS6.4AI score0.00604EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:17 a.m.6 views

CVE-2024-32745

A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...

5.9CVSS5.7AI score0.00316EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.4 views

CVE-2023-1593

A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=saveclass. The manipulation of the argument description leads to cross site scripting...

6.1CVSS6.1AI score0.00388EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:5 p.m.9 views

CVE-2022-34561

A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...

4.3CVSS5.8AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 p.m.9 views

CVE-2022-22850

A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in roomtypes...

5.4CVSS5.8AI score0.00654EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:45 p.m.7 views

CVE-2020-23052

Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component groupfiles.php via the Number Nombre and Description Descripción parameters...

5.4CVSS6.3AI score0.00576EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.6 views

CVE-2019-17491

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...

6.1CVSS5.9AI score0.01058EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 a.m.10 views

CVE-2018-20601

UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...

4.8CVSS5.9AI score0.00559EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.6 views

Intelbras RF 301K 代码注入漏洞

The Intelbras RF 301K is a wireless router from Intelbras Brazil. A code injection vulnerability exists in the Intelbras RF 301K version 1.1.5, which stems from the Add Static IP component mishandling the parameter Description, which could lead to a cross-site scripting attack...

4.8CVSS4.3AI score0.00258EPSS
Exploits0References3
Rows per page
Query Builder