Lucene search
K

33 matches found

OSV
OSV
added 2022/03/03 7:15 p.m.5 views

CVE-2022-23899

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References1
OSV
OSV
added 2022/03/03 7:15 p.m.2 views

CVE-2022-23898

MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...

9.8CVSS5.8AI score0.07734EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.7 views

MingSoft Mcms SQL注入漏洞

MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/02/18 8:15 p.m.8 views

CVE-2021-46063

MCMS v5.2.5 was discovered to contain a Server Side Template Injection SSTI vulnerability via the Template Management module...

9.1CVSS7.8AI score0.02731EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.4 views

MingSoft MCMS 代码问题漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A code issue vulnerability exists in MingSoft MCMS, which stems from a file upload vulnerability in MCMS version =5.2.5. An attacker can exploit this vulnerability to execute arbitrary code remotely...

9.8CVSS8.8AI score0.03111EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/03 12:0 a.m.5 views

Fortinet FortiPortal 代码问题漏洞

Fortinet FortiPortal is a hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs.Fortinet FortiPortal is vulnerable in versions 6.0.0 to 6.0.4, 5.3 .0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2...

8.1CVSS5.6AI score0.00734EPSS
Exploits0References4
CNVD
CNVD
added 2020/05/21 12:0 a.m.9 views

Ruby on Rails Cross-Site Request Forgery Vulnerability (CNVD-2020-32423)

Ruby on Rails is a set of Rails team based on the Ruby language open source Web application framework. A cross-site request forgery vulnerability exists in Ruby on Rails versions prior to 5.2.5 and 6.0.4, which stems from a WEB application that does not adequately validate that a request is comin...

4.3CVSS8.7AI score0.01673EPSS
Exploits1References1
OSV
OSV
added 2020/01/28 1:15 a.m.5 views

CVE-2019-17651

An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack XSS by injecting malicious JavaScript code into...

5.4CVSS6.1AI score0.00622EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/12/02 12:0 a.m.6 views

PT-2019-15858 · Alfresco · Alfresco Enterprise

Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5 Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...

5.4CVSS5.3AI score0.00602EPSS
Exploits1References4
CNVD
CNVD
added 2018/03/27 12:0 a.m.5 views

Acrolinx Server for Windows Path Traversal Vulnerability

Acrolinx Server for Windows is a Windows-based intelligent language analysis server from Acrolinx Germany. A path traversal vulnerability exists in versions of Acrolinx Server for Windows based platforms prior to 5.2.5. No details of the vulnerability are available at this time...

7.5CVSS6.8AI score0.46312EPSS
Exploits3References1
CNVD
CNVD
added 2017/09/06 12:0 a.m.56 views

Shopware content management system backend module cross-site scripting vulnerability

Shopware is the German Shopware company's open source e-commerce software. content management system backend modules is one of the content system backend module. A cross-site scripting vulnerability exists in the customer and order section of the content management system backend module in Shopwa...

6.1CVSS6.1AI score0.04812EPSS
Exploits7References1
RedHat Linux
RedHat Linux
added 2015/07/21 10:14 a.m.4 views

wireshark: TN5250 infinite loop (wnpa-sec-2014-23)

The dissectwritestructuredfield function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service infinite loop via a crafted packet...

5CVSS7.4AI score0.03488EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2008/07/22 12:30 p.m.5 views

php htmlentities/htmlspecialchars multibyte sequences

The 1 htmlentities and 2 htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465...

7.5CVSS5.8AI score0.0751EPSS
Exploits1References4
Rows per page
Query Builder