
9 matches found

Positive Technologies
added 2024/12/27 12:00 a.m. · 2 views

PT-2024-36822 · Linkace · Linkace

Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 1.15.6. Description: A reflected cross-site scripting (XSS) issue exists in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response...

4.6 CVSS · 6.2 AI score · 0.01265 EPSS
Exploits 1 · References 8
wpexploit
added 2023/10/16 12:00 a.m. · 142 views

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Multiple parameters in the plugin's...

4.8 CVSS · 5 AI score · 0.00097 EPSS
Exploits 2
CNNVD
added 2023/07/21 12:00 a.m. · 1 views

Pimcore Cross-Site Scripting Vulnerability

Pimcore is an open source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exists in...

6.1 CVSS · 5.7 AI score · 0.1097 EPSS
Exploits 1 · References 4
Huntr
added 2023/05/07 5:54 p.m. · 21 views

Stored XSS in module name "Edit Link"

Description: I noticed that you filtered the input very carefully. But there are still some parts you missed. Proof of Concept: 1. Log in at URL: https://demo.pimcore.fun/admin. 2. Go to "Search Documents" and filter only "Snippet" search and press search. 3. Go to "/en/shared/teasers/Popular Brands"...

5.8 CVSS · 6.8 AI score · 0.1097 EPSS
Exploits 1
exploitpack
added 2019/07/29 12:00 a.m. · 26 views

GigToDo 1.3 - Cross-Site Scripting

GigToDo 1.3 - Cross-Site Scripting. Exploit Title: GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection; Google Dork: -; Date: 2019/07/28; Author: m0ze; Vendor Homepage: https://www.gigtodoscript.com; Software Link: https://codecanyon.net/item/gigtodo-freelance-marketplace-script/238553...

6.8 AI score
Exploits 0
OSV
added 2018/10/29 12:29 p.m. · 0 views

CVE-2018-18721

An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1
Exploit DB
added 2011/04/15 12:00 a.m. · 37 views

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit

Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability; Google Dork: inurl:/sql-ledger/login.pl; Date: April 15, 2011; Author: bitform; Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz; Version: 2.8.33; Tested on: Ubuntu Server 10.04; CVE :...

7.4 AI score
Exploits 0
UbuntuCve
added 2009/08/18 9:00 p.m. · 26 views

CVE-2009-2853

WordPress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin...

10 CVSS · 5.9 AI score · 0.01198 EPSS
Exploits 3 · References 1
Exploit DB
added 2008/11/11 12:00 a.m. · 34 views

Pre Real Estate Listings - Arbitrary File Upload

Pre Real Estate Listings login.php ByPass /File Upload Script:Pre Real Estate Listings HomePage:http://preproject.com/ Demo:http://preproject.com/ulisting/ Author:BackDoor By Pass Exploit: http://victim.com/scriptpath/login.php username:'or' password:'or' Live Demo:...

7.4 AI score
Exploits 0