Lucene search
K

45 matches found

OSV
OSV
added 2024/01/04 3:15 p.m.3 views

CVE-2023-50760

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/updateprofilepic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application...

8.8CVSS5.9AI score0.01213EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/04 12:0 a.m.5 views

PT-2024-13967 · Unknown · Online Notice Board System

Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker ...

8.8CVSS7.4AI score0.01213EPSS
Exploits1References9
OSV
OSV
added 2023/03/10 3:15 p.m.3 views

CVE-2022-48111

A cross-site scripting XSS vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...

6.1CVSS5.9AI score0.00639EPSS
Exploits1References5
NVD
NVD
added 2023/03/10 3:15 p.m.26 views

CVE-2022-48111

A cross-site scripting XSS vulnerability in the checklogin function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter...

6.1CVSS5.9AI score0.00639EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.7 views

PT-2023-15575 · Sipe S.R.L · Wi400

Name of the Vulnerable Software and Affected Versions: SIPE s.r.l WI400 versions 8 through 11 Description: A cross-site scripting XSS issue in the check login function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. This enables the...

6.1CVSS6.2AI score0.00639EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-3906

Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...

4.3CVSS6AI score0.05614EPSS
Exploits6References4
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.3 views

Ambit Technologies Itech Movie Portal Script 安全漏洞

Ambit Technologies Itech Movie Portal Script is a Movie Portal Script from Ambit Technologies, USA. A security vulnerability exists in Ambit Technologies Itech Movie Portal Script version 7.36, which stems from some unknown functionality in movie.php, where manipulation of the parameter f can lea...

6.1CVSS5.7AI score0.00516EPSS
Exploits1References3
WPVulnDB
WPVulnDB
added 2021/09/09 12:0 a.m.14 views

Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.8AI score0.00895EPSS
Exploits1References1Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2020/12/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2005-2847

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter...

7.5CVSS6.1AI score0.53375EPSS
Exploits8References1
CNVD
CNVD
added 2019/09/21 12:0 a.m.1 views

S-CMS e-commerce system aj***.php page L_f*** parameter has SQL injection vulnerability

S-CMS e-commerce system is an e-commerce software. S-CMS e-commerce system aj.php page Lf parameter exists SQL injection vulnerability, an attacker can use the vulnerability to obtain database sensitive information...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/10/29 12:0 a.m.2 views

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2019-01728)

DedeCMS is a PHP-based web content management system CMS. A cross-site scripting vulnerability exists in the /member/uploadsselect.php file in DedeCMS version 5.7 SP2, which can be exploited by a remote attacker with the help of the 'f' or 'keyword' parameter to A remote attacker can use the 'f' ...

6.1CVSS6.1AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/10/01 8:29 a.m.5 views

CVE-2018-17832

XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter...

6.1CVSS5.8AI score0.02273EPSS
Exploits5References2
CVE
CVE
added 2018/10/01 8:0 a.m.63 views

CVE-2018-17832

WUZHICMS 2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the v and f GET parameters. The issue is described as XSS in the WUZHICMS 2.0 web application, with PoC references showing injected content via index.php?v= and index.php?f=. No explicit root-caus...

6.1CVSS5.9AI score0.02273EPSS
Exploits5References2Affected Software1
OSV
OSV
added 2018/07/03 10:29 p.m.4 views

CVE-2018-13123

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to read arbitrary files via the i and f parameters, as demonstrated by ?i=etc/&f=passwd&p=rawview for the /etc/passwd file...

9.8CVSS5.9AI score0.01431EPSS
Exploits0References1
CNVD
CNVD
added 2015/09/06 12:0 a.m.6 views

MediaWiki cross-site scripting vulnerability (CNVD-2015-05871)

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki's thumb.php script. ...

4.3CVSS5.9AI score0.02009EPSS
Exploits0References1
OSV
OSV
added 2015/09/01 2:59 p.m.1 views

DEBIAN-CVE-2015-6730

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...

4.3CVSS6AI score0.02009EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2015/09/01 2:59 p.m.30 views

CVE-2015-6730

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...

4.3CVSS6AI score0.02009EPSS
Exploits0References3
OSV
OSV
added 2015/09/01 2:59 p.m.2 views

UBUNTU-CVE-2015-6730

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...

4.3CVSS5.9AI score0.02009EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2015/09/01 2:0 p.m.42 views

CVE-2015-6730

Cross-site scripting XSS vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."...

4.3CVSS5.6AI score0.02009EPSS
Exploits0
OSV
OSV
added 2010/12/17 7:0 p.m.1 views

DEBIAN-CVE-2010-3906

Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...

4.3CVSS5.6AI score0.05614EPSS
Exploits6References1
Rows per page
Query Builder