
7 matches found

Veracode
added 2022/11/10 3:28 a.m. | 17 views

Cross-Site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization in admin-controllable input caused by the assignValues function of fields.php, which allows an attacker to inject and execute malicious HTML and script code into the web site via the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00673
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2020/03/12 2:15 p.m. | 14 views

CVE-2020-10424

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-fields.php by adding a question mark ? followed by the payload...

CVSS 4.8 | AI score 5 | EPSS 0.00321
Exploits: 1 | References: 2

Prion
added 2020/03/12 2:15 p.m. | 11 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-fields.php by adding a question mark ? followed by the payload...

CVSS 3.5 | AI score 4.9 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2020/03/12 1:5 p.m. | 35 views

CVE-2020-10470

The CVE-2020-10470 issue affects Chadha PHPKB Standard Multi-Language version 9, where a Reflected XSS exists in admin/manage-fields.php through the GET parameter sort. Attackers can inject arbitrary web script or HTML. The primary affected component is the sort parameter in the admin/manage-fiel...

CVSS 4.8 | AI score 4.8 | EPSS 0.00321
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2018/11/05 12:0 a.m. | 30 views

Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi

According to its self-reported version number, the detected Joomla! application is affected by a SQL injection vulnerability in the fields.php script due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in th...

CVSS 9.8 | AI score 8.2 | EPSS 0.94513
Exploits: 21 | References: 3

Tenable Nessus
added 2018/05/24 12:0 a.m. | 19 views

Joomla! 3.7.0 < 3.7.1 fields.php getListQuery() Method SQLi

The Joomla! installation running on the remote web server is affected by a SQL injection vulnerability in the fields.php script due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database,...

CVSS 9.8 | AI score 8.2 | EPSS 0.94513
Exploits: 21 | References: 3

Tenable Nessus
added 2017/05/24 12:0 a.m. | 95 views

Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi

According to its self-reported version number, the Joomla! installation running on the remote web server is 3.7.x prior to 3.7.1. It is, therefore, affected by a SQL injection vulnerability in the fields.php script due to improper sanitization of user-supplied input. An unauthenticated, remote...

CVSS 9.8 | AI score 9 | EPSS 0.94513
Exploits: 21 | References: 3