Lucene search
K

9 matches found

Nuclei
Nuclei
added 18 hours ago11 views

Gnuboard 5 - Cross-Site Scripting

Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter. id: CVE-2021-3831 info: name: Gnuboard 5 - Cross-Site Scripting author: arafatansari severity: medium description: | Gnuboard 5 contains a cross-site scripting vulnerability via the $GET'LGDOID' parameter...

7.1CVSS6.7AI score0.01812EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2024/10/13 10:34 p.m.261 views

Exploit for Code Injection in Sqlpad

CVE-2022-0944 PoC PoC for RCE in SQLPad. This example spawns a...

9.1CVSS8.3AI score0.08669EPSS
Exploits12
Github Security Blog
Github Security Blog
added 2024/05/14 8:14 p.m.19 views

Scrapy leaks the authorization header on same-domain but cross-origin redirects

Impact Since version 2.11.1, Scrapy drops the Authorization header when a request is redirected to a different domain. However, it keeps the header if the domain remains the same but the scheme http/https or the port change, all scenarios where the header should also be dropped. In the context of...

7.5CVSS7AI score0.00682EPSS
Exploits1References4Affected Software1
Packet Storm
Packet Storm
added 2024/02/19 12:0 a.m.270 views

InstantCMS 2.16.1 Cross Site Scripting

Exploit Title: InstantCMS - Store XSS Application: InstantCMS Version: v2.16.1 Bugs: Stored XSS Technology: PHP Vendor Homepage: https://instantcms.ru/ Software Link: https://instantcms.ru/get Date: 14.09.2023 Author: SoSPiro Tested on: Windows Description I noticed that you filtered the filter...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/31 5:17 p.m.33 views

Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.20 or apply this patch manually...

5.4CVSS5.6AI score0.00439EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/03/31 5:11 p.m.19 views

Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.20 or apply this patch manually...

5.4CVSS5.6AI score0.00439EPSS
Exploits1References6Affected Software1
Huntr
Huntr
added 2022/03/12 2:18 a.m.31 views

Stored xss in showdoc through file upload

Description Hi. This is a bypass to the report in https://huntr.dev/bounties/df347aa9-ed9b-4f75-af99-c83b8aad3bcf/ . It fails to check for files with the extension .shtml which leads to stored xss Proof of Concept // poc.shtml adsasdadsdsa alert1 Impact Stored Xss...

3.5CVSS5.6AI score0.00538EPSS
Exploits1
OSV
OSV
added 2021/12/27 6:15 p.m.20 views

CVE-2021-43856

Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...

5.4CVSS6.1AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/12/25 7:15 p.m.45 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read...

7.1CVSS7.1AI score0.01586EPSS
Exploits1References2
Rows per page
Query Builder