Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.11 views

PT-2026-35340

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References6
NVD
NVD
added 2026/03/04 3:16 a.m.9 views

CVE-2026-3240

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...

4.8CVSS0.00212EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.25 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 11:7 a.m.6 views

CVE-2026-23797 Plaintext password display in Quick.Cart

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00268EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/22 12:0 a.m.8 views

WordPress Plugin Welcart e-Commerce SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

8.8CVSS7.8AI score0.00909EPSS
Exploits0References4
OSV
OSV
added 2023/06/20 3:15 p.m.19 views

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

7.2CVSS7.9AI score
Exploits0References1
OSV
OSV
added 2023/06/07 3:30 p.m.23 views

GHSA-FQCV-RFP6-WV92 Microweber Cross-site Scripting vulnerability

Microweber 1.3.4 and prior is vulnerable to stored cross-site scripting via an alert on the Editing page. This issue is fixed in commit 42efa981a2239d042d910069952d6276497bdcf1...

5.4CVSS4.2AI score0.00346EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/06/07 3:30 p.m.18 views

Microweber Cross-site Scripting vulnerability

Microweber 1.3.4 and prior is vulnerable to stored cross-site scripting via an alert on the Editing page. This issue is fixed in commit 42efa981a2239d042d910069952d6276497bdcf1...

5.4CVSS5.9AI score0.00346EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-23310 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 microweber versions 1.3.4 and prior Description: The issue is related to stored Cross-site Scripting XSS in the GitHub repository microweber/microweber. This type of attack occurs when an applicatio...

5.4CVSS3.9AI score0.00346EPSS
Exploits1References7
Huntr
Huntr
added 2023/03/29 4:49 p.m.21 views

Stored XSS on Multiple Edit Page

Description A stored XSS with alert on Editing page. \ I clone repo from master branch and build with docker. Footer show: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...

4.9CVSS6.3AI score0.00346EPSS
Exploits1
OSV
OSV
added 2021/10/08 4:15 p.m.3 views

CVE-2021-41974

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission...

9.1CVSS7.4AI score0.01222EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/03/15 12:22 a.m.14 views

New Relic: Emails and alert policies can be altered by malicious users.

Recreate Steps 1 Create Two Accounts 2 In separate browsers Firefox and Chrome log into each account and go to the edit page a https://rpm.newrelic.com/users//edit 3 Check one of the email or alert boxes and click save. Gather the post. a Should be similar to this:...

0.5AI score
Exploits0
Prion
Prion
added 2014/04/22 1:6 p.m.11 views

Command injection

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMANDPATTERN and TESTRUNNER in the pageContent parameter when editing a page...

7.5CVSS7.9AI score0.03923EPSS
Exploits9References3Affected Software1
NVD
NVD
added 2014/03/28 3:55 p.m.24 views

CVE-2013-0807

Cross-site scripting XSS vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...

4.3CVSS5.6AI score0.04026EPSS
Exploits2References6
Rows per page
Query Builder