Lucene search
K

37 matches found

OSV
OSV
added 2024/04/08 8:15 p.m.3 views

CVE-2024-3463

A vulnerability has been found in SourceCodester Laundry Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /karyawan/edit. The manipulation of the argument karyawan leads to cross site scripting. The attack can be initiated remotely. The...

5.4CVSS3.8AI score0.0055EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/08 12:0 a.m.3 views

SourceCodester Laundry Management System 跨站脚本漏洞

Laundry Management System is a laundry management system. A cross-site scripting vulnerability exists in SourceCodester Laundry Management System version 1.0, which stems from a cross-site scripting attack on the karyawan parameter of the /karyawan/edit file...

5.4CVSS4.6AI score0.0055EPSS
Exploits1References5
OSV
OSV
added 2024/03/22 4:15 p.m.4 views

CVE-2024-2821

A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlinkedit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The...

4.3CVSS5AI score0.00397EPSS
Exploits1References3
OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-28672

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/mediaedit.php...

5.4CVSS6.6AI score0.00229EPSS
Exploits1References1
OSV
OSV
added 2024/03/13 4:15 p.m.7 views

CVE-2024-28669

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /dede/freelistedit.php...

5.4CVSS5.8AI score0.00244EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.2 views

Desdev DedeCMS Security Breach

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...

6.1CVSS6.8AI score0.00242EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/19 12:0 a.m.3 views

liuwy-dlsdys zhglxt Cross-Site Scripting Vulnerability

zhglxt is a web application by the Chinese liuwy-dlsdys individual developer. A cross-site scripting vulnerability exists in liuwy-dlsdys zhglxt version 4.7.7, which stems from the parameter notifyTitle in the file /oa/notify/edit that causes cross-site scripting...

4.8CVSS6AI score0.00494EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/11/07 3:15 p.m.3 views

CVE-2023-33479

RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file...

9.8CVSS5.8AI score0.00738EPSS
Exploits1References2
OSV
OSV
added 2023/03/22 2:15 p.m.3 views

CVE-2023-1569

A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument UNAME with the input alert'1' leads to cross site scripting...

5.4CVSS3.8AI score0.00491EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.4 views

DuxCMS 安全漏洞

DuxCMS is an open source content management system. A security vulnerability exists in DuxCMS version 2.1, which originates from cross-site scripting due to manipulation of the content parameter in an unknown section of its Article Handler component admin.php&r=article/AdminContent/edit file. The...

5.4CVSS5.2AI score0.00386EPSS
Exploits1References3
OSV
OSV
added 2022/09/26 1:15 p.m.3 views

CVE-2022-40403

Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/featureedit.php...

7.2CVSS5.8AI score0.0083EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/08/28 12:0 a.m.26 views

Pagekit 跨站脚本漏洞

Pagekit is a modular, lightweight CMS Content Management System. A security vulnerability exists in Pagekit CMS v1.0.18. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Markdown text box under /blog/post/edit...

6.1CVSS6.8AI score0.00496EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/06/17 12:0 a.m.5 views

Online Ordering System SQL注入漏洞

Online Ordering System is a multi-store ordering system that can be used by any small business. an SQL injection vulnerability exists in Online Ordering System version v2.3.2, which originates from /ordering/admin/store/index.php?view=edit&id= Lack of validation of external input SQL statements c...

9.8CVSS6AI score0.01026EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-30828

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photosedit.php...

7.2CVSS5.9AI score0.00958EPSS
Exploits1References2
Prion
Prion
added 2018/12/30 9:29 p.m.16 views

Directory traversal

Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...

4CVSS5AI score0.01369EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/30 9:0 p.m.31 views

CVE-2018-20604

Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...

5AI score0.01369EPSS
Exploits1References1
Cvelist
Cvelist
added 2014/12/10 8:0 p.m.28 views

CVE-2014-9362

Cross-site scripting XSS vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web script or HTML via vectors related to deleting a...

5.2AI score0.00759EPSS
Exploits0References2
Rows per page
Query Builder