313 matches found
CVE-2021-41663
The CVE-2021-41663 issue affects Mini CMS v1.11, with the XSS vulnerability located in the article upload flow (post-edit.php). The root cause is described as lack of checksum filtering of user-supplied and output data on that page, enabling client-side JavaScript execution. The shared sources (R...
GHSA-WCJ4-FF9M-5R7G ImpressCMS Path Traversal to Arbitrary File Delete
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the imagepath parameter in a cancel action...
GHSA-QM8M-7626-762H Dolibarr SQL injection vulnerability in admin/menus/edit.php
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter...
Dolibarr SQL injection vulnerability in admin/menus/edit.php
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter...
Dolibarr ERP and CRM contain XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert1 leads to cross site scripting. The attack may be launched remote...
CVE-2022-1503 GetSimple CMS Content Module edit.php cross site scripting
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like alert1 leads to cross site scripting. The attack may be launched remote...
CVE-2021-44970
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php...
Cross site scripting
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php...
CVE-2021-40884
Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user with uploader role can download and edit all files of users in application...
CVE-2021-40884
CVE-2021-40884 affects ProjectSend version r1295. The root cause is missing authorization checks for the ids parameter in files-edit.php and the id parameter in process.php, enabling a user with uploader role to download and edit all users’ files. The vulnerability is described across multiple so...
Projectsend Security Vulnerability
An information disclosure vulnerability exists in ProjectSend version r1295, a free, customer-facing private file sharing web application. The vulnerability stems from the ids parameter in files-edit.php and the id parameter in process.php not checking for authorization. An attacker could exploit...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...
Design/Logic Flaw
Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php...
Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page via php/edit.php, leading to a reflected Cross-Site Scripting issue. PoC https://www.example.com/?cpmvcid=1doaction=mvparse=editindex=0=1=0=F00=1=999=a%22%3E%3Csvg/%3E%3C%22...
CVE-2020-20389
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php...