8 matches found

OSV
added 2025/09/16 12:15 p.m. | 1 views

CVE-2025-56697

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Cvelist
added 2025/09/16 12:0 a.m. | 4 views

CVE-2025-56697

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can inject malicious scripts via the smyFeedbacks POST parameter in /users/home.php...

0.00053 EPSS
Exploits: 1 | References: 1

CVE
added 2025/09/16 12:0 a.m. | 9 views

CVE-2025-56697

CVE-2025-56697 describes a Stored Cross-Site Scripting (XSS) vulnerability in Kashipara Computer Base Test v1.0, specifically in the /users/adminpanel/admin/home.php?page=feedbacks page. The underlying issue is unsanitized input through the smyFeedbacks POST parameter (affecting /users/home.php),...

6.1 CVSS | 5.1 AI score | 0.00053 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/11/07 3:2 p.m. | 37 views

CVE-2024-9926 Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedbacks data sent via the Jetpack Contact Form...

6.6 AI score | 0.22802 EPSS
Exploits: 3 | References: 1

OSV
added 2022/10/17 12:15 p.m. | 7 views

CVE-2022-2834

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings...

5.3 CVSS | 6.2 AI score
Exploits: 0 | References: 1

Prion
added 2022/10/17 12:15 p.m. | 12 views

Information disclosure

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings...

5 CVSS | 5 AI score | 0.00477 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2022/10/17 12:0 a.m. | 52 views

CVE-2022-2834

The CVE-2022-2834 entry concerns the WordPress Helpful plugin (versions before 4.5.26). The vulnerability arises because exported logs and feedbacks are stored in publicly accessible locations with guessable file names, enabling attackers to download them and potentially retrieve sensitive inform...

5.3 CVSS | 5 AI score | 0.00477 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2020/03/12 2:15 p.m. | 0 views

CVE-2020-10423

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-feedbacks.php by adding a question mark (?) followed by the payload...

4.8 CVSS | 5.9 AI score | 0.00321 EPSS
Exploits: 2 | References: 2