Lucene search
K

70 matches found

Cvelist
Cvelist
added 2014/10/20 4:0 p.m.24 views

CVE-2014-5276

Multiple cross-site scripting XSS vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via 1 an uploaded profile picture or 2 the edit parameter to profiles/index.php...

5.4AI score0.02636EPSS
Exploits1References5
Cvelist
Cvelist
added 2014/03/29 8:0 p.m.26 views

CVE-2014-0344

Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...

6.1AI score0.05579EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2011/09/28 12:0 a.m.23 views

Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting

source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...

7.4AI score
Exploits0
Prion
Prion
added 2009/12/10 1:30 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...

4.3CVSS6.1AI score0.01452EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/12/10 1:30 a.m.19 views

CVE-2009-4253

Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...

4.3CVSS5.7AI score0.01452EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2007/10/29 8:46 p.m.29 views

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

6CVSS6.2AI score0.04938EPSS
Exploits1References1
Cvelist
Cvelist
added 2006/11/22 12:0 a.m.23 views

CVE-2006-6039

SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter...

8.5AI score0.013EPSS
Exploits1References5
CVE
CVE
added 2006/07/07 12:0 a.m.44 views

CVE-2006-3406

The CVE-2006-3406 entry refers to a directory traversal vulnerability in QTOFileManager 1.0, specifically in the qtofm.php edit parameter. The underlying issue allows a remote attacker to modify arbitrary files by supplying a .. (dot dot) sequence, impacting potentially confidentiality and integr...

6.4CVSS7.1AI score0.01388EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2006/07/07 12:0 a.m.18 views

CVE-2006-3405

Cross-site scripting XSS vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 delete, 2 pathext, and 3 edit parameters...

5.7AI score0.01756EPSS
Exploits1References4
OSV
OSV
added 2004/12/31 5:0 a.m.2 views

DEBIAN-CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

4.3CVSS6AI score0.06465EPSS
Exploits1References1
Rows per page
Query Builder