Lucene search
K

32 matches found

Cvelist
Cvelist
added 2025/01/10 12:0 a.m.14 views

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

6.1CVSS0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/01/09 9:15 p.m.4 views

CVE-2024-55224

An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message...

9.6CVSS8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.7 views

CVE-2023-25348

ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...

7.9AI score0.00437EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.6 views

PT-2022-27723 · Aerocms · Aerocms

Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field in the add post.php file. This enables the execution of malicious code,...

4.8CVSS5.4AI score0.00457EPSS
Exploits1References5
wpexploit
wpexploit
added 2022/06/27 12:0 a.m.252 views

Page Generator Plugin < 1.6.5 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Got to Page Generator - Keywords - Add Keyword and put the following payload in the "Terms" field then...

4.8CVSS0.5AI score0.00493EPSS
Exploits2
CNVD
CNVD
added 2018/04/16 12:0 a.m.5 views

Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-08254)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in Monstra CMS version 3.0.4. A remote attacker can exploit the...

4.8CVSS6.2AI score0.02898EPSS
Exploits2References1
0day.today
0day.today
added 2007/03/01 12:0 a.m.30 views

WebMod 0.48 (Content-Length) Remote Buffer Overflow Exploit PoC

Exploit for unknown platform in category remote exploits =============================================================== WebMod 0.48 Content-Length Remote Buffer Overflow Exploit PoC =============================================================== / WebMod Stack Buffer Overflow by cybermind Kevin...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/09/14 12:0 a.m.24 views

ATutor 1.5.1 - &#039;password_reminder.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/04/23 12:0 a.m.12 views

Advanced Guestbook 2.2 - Password SQL Injection

Advanced Guestbook 2.2 - Password SQL Injection source: https://www.securityfocus.com/bid/10209/info It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application. This issue is reported to exis...

0.6AI score
Exploits0
exploitpack
exploitpack
added 2000/11/23 12:0 a.m.33 views

Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service

Network Associates Webshield SMTP 4.5 - Invalid Outgoing Recipient Field Denial of Service source: https://www.securityfocus.com/bid/1999/info Network Associates WebShield SMTP is an email virus scanner designed for internet gateways. In the event that WebShield SMTP receives an outgoing email...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2000/11/01 12:0 a.m.9 views

Debian 2.x RedHat 6.2 IRIX 56 Solaris 2.x - Mail Reply-To Field

Debian 2.x RedHat 6.2 IRIX 56 Solaris 2.x - Mail Reply-To Field source: https://www.securityfocus.com/bid/1910/info mail is a simple console e-mail client. A vulnerability exists in several vendors' distributions of this program. An attacker can compose an email message with a carefully-formed...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2000/07/18 12:0 a.m.19 views

Microsoft Outlook 97/98/2000 / Outlook Express 4.0/5.0 - GMT Field Buffer Overflow (2)

source: https://www.securityfocus.com/bid/1481/info All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. The problem lies in how Outlook and Outlook Express handle...

7AI score
Exploits0
Rows per page
Query Builder