Lucene search
K

24 matches found

CVE
CVE
added 2026/07/02 8:33 a.m.15 views

CVE-2026-12134

The CVE concerns the WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more (up to and including version 5.7.8). It describes an authorization bypass where authenticated users with subscriber-level access and above can create arbitrary season groups or modify group names,...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.26 views

CVE-2026-57995 phpMyFAQ - Privilege Escalation via Missing Self-Rights Constraint in GroupController::updatePermissions

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS0.00325EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 7:41 p.m.9 views

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.4CVSS5.6AI score0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/19 6:45 p.m.6 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS5.5AI score0.00189EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-33122

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01211EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-13405

Malicious code in bioql PyPI...

5.4CVSS4AI score0.0026EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/07 11:16 p.m.17 views

CVE-2025-4293

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

5.4CVSS6.2AI score0.0026EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/05 10:31 p.m.9 views

CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS6.2AI score0.0026EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/05 10:31 p.m.32 views

CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS0.0026EPSS
Exploits1References4
CVE
CVE
added 2025/05/05 10:31 p.m.65 views

CVE-2025-4293

CVE-2025-4293 affects MRCMS 3.1.3, specifically the Group Edit Page component’s /admin/group/edit.do. The root cause is a cross-site scripting vulnerability in an unknown functionality of that endpoint, which can be exploited remotely. Public disclosure and available details indicate exploitation...

5.4CVSS3.5AI score0.0026EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/05/05 10:31 p.m.5 views

CVE-2025-4293 MRCMS Group Edit Page edit.do cross site scripting

A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8CVSS3.7AI score0.0026EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/05/05 12:0 a.m.6 views

MRCMS 代码注入漏洞

MRCMS is a content management system by the individual developer of marker. A code injection vulnerability exists in MRCMS version 3.1.3, which originates from a cross-site scripting attack due to a misuse of the file /admin/group/edit.do...

5.4CVSS4.3AI score0.0026EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.13 views

PT-2025-19807 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.3 Description: A vulnerability was found in the Group Edit Page component, specifically affecting some unknown functionality of the file /admin/group/edit.do. This issue leads to cross-site scripting and can be exploited...

5.4CVSS3.4AI score0.0026EPSS
Exploits1References11
OSV
OSV
added 2024/05/07 2:15 p.m.8 views

CVE-2024-4592

A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the file /src/dede/sysgroupedit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

4.3CVSS4.7AI score0.00428EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.3 views

Desdev DedeCMS 跨站请求伪造漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China's Desdev Network Desdev. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery vulnerability...

5CVSS5AI score0.00428EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.4 views

PT-2023-24997 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2.1 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the gid parameter at the "admin/index.php?mode=user&page=groups&action=edit" endpoint. Recommendations: For...

9.8CVSS7.4AI score0.04228EPSS
Exploits1References6
OSV
OSV
added 2022/01/28 10:15 p.m.2 views

CVE-2021-46444

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admingroupedit&agID...

9.8CVSS5.8AI score0.01195EPSS
Exploits1References2
NVD
NVD
added 2022/01/28 10:15 p.m.19 views

CVE-2021-46446

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...

9.8CVSS0.01211EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/28 10:15 p.m.7 views

CVE-2021-46444

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admingroupedit&agID...

9.8CVSS8AI score0.01195EPSS
Exploits1References3
Prion
Prion
added 2022/01/28 10:15 p.m.17 views

Sql injection

H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=adminaccessgroupedit&aagID...

7.5CVSS9.8AI score0.01211EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder