Lucene search
+L

143 matches found

RedhatCVE
RedhatCVE
added 2025/03/29 12:31 a.m.17 views

CVE-2025-29306

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...

9.8CVSS8.2AI score0.43655EPSS
Exploits11References1
NVD
NVD
added 2025/03/27 7:15 p.m.22 views

CVE-2025-29306

An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component...

9.8CVSS0.43655EPSS
Exploits11References1
Positive Technologies
Positive Technologies
added 2025/03/27 12:0 a.m.7 views

PT-2025-13394

Name of the Vulnerable Software and Affected Versions FoxCMS version 1.2.5 Description An issue in FoxCMS allows a remote attacker to execute arbitrary code via the case display page in the index.html component. The vulnerability is related to a remote code execution issue. Recommendations For...

10CVSS8.1AI score0.43655EPSS
Exploits11References27
CNNVD
CNNVD
added 2025/03/27 12:0 a.m.20 views

FoxCMS 代码注入漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS version 1.2.5, which originates from the index.html component that allows execution of arbitrary code...

9.8CVSS6.8AI score0.43655EPSS
Exploits11References3
CVE
CVE
added 2025/03/27 12:0 a.m.154 views

CVE-2025-29306

FoxCMS v1.2.5 (and older) contains CVE-2025-29306, a remote code execution via the id parameter on /images/index.html caused by unsafe handling of user input (unserialize()). Unauthenticated attackers can trigger arbitrary PHP code, potentially leading to full server compromise. Affected endpoint...

9.8CVSS7.6AI score0.43655EPSS
Exploits11References1Affected Software1
NVD
NVD
added 2025/03/03 7:15 p.m.12 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

9CVSS0.00573EPSS
Exploits3References2
Cvelist
Cvelist
added 2025/03/03 12:0 a.m.17 views

CVE-2025-26206

Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...

0.00573EPSS
Exploits3References2
CVE
CVE
added 2024/10/30 12:0 a.m.63 views

CVE-2024-31973

Hitron CODA-4582 2AHKM-CODA4589 devices (firmware version 7.2.4.5.1b8) are affected by CVE-2024-31973, a stored XSS vulnerability in the SSID field of the /index.html#wireless_basic page. The issue allows a remote attacker within Wi‑Fi proximity to inject script via the Network Name (SSID) input,...

5.2CVSS5.8AI score0.00458EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.18 views

CVE-2024-31973

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via the 'Network Name SSID' input fields to the /index.htmlwirelessbasic page...

0.00458EPSS
Exploits0References1
NVD
NVD
added 2024/08/30 2:15 p.m.22 views

CVE-2024-8337

A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contactname leads to cross site scripting. The attack may be...

5.4CVSS0.00422EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/08/30 1:31 p.m.16 views

CVE-2024-8337 SourceCodester Contact Manager with Export to VCF index.html cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Contact Manager with Export to VCF 1.0. Affected by this issue is some unknown functionality of the file index.html. The manipulation of the argument contactname leads to cross site scripting. The attack may be...

5.3CVSS3.8AI score0.00422EPSS
Exploits1References5
CVE
CVE
added 2024/08/30 1:31 p.m.56 views

CVE-2024-8337

The CVE-2024-8337 entry affects SourceCodester Contact Manager with Export to VCF 1.0. The vulnerability is a Cross-Site Scripting in the index.html, caused by manipulating the contact_name argument. Affected functionality is unknown in detail across sources, but multiple documents state the issu...

5.4CVSS3.9AI score0.00422EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2024/08/21 12:0 a.m.66 views

CVE-2024-42939

CVE-2024-42939 affects YZNCMS v1.4.2, specifically the /index/index.html component. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML via a crafted payload placed in the configured remarks text field. Public details confirm the ...

5.4CVSS5.6AI score0.00308EPSS
Exploits1References1Affected Software1
Oracle linux
Oracle linux
added 2024/08/08 12:0 a.m.74 views

httpd security update

2.4.57-11.0.1.el94.1 - Replace index.html with Oracle's index page oracleindex.html. 2.4.57-11.1 - Resolves: RHEL-46047 - httpd: Security issues via backend applications whose response headers are malicious or exploitable CVE-2024-38476 - Resolves: RHEL-53021 - Regression introduced by...

9.8CVSS7AI score0.41611EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/07/23 12:0 a.m.60 views

httpd:2.4 security update

httpd 2.4.37-65.0.1.1 - Replace index.html with Oracle's index page oracleindex.html 2.4.37-65.1 - Resolves: RHEL-45812 - httpd:2.4/httpd: Substitution encoding issue in modrewrite CVE-2024-38474 - Resolves: RHEL-45785 - httpd:2.4/httpd: Encoding problem in modproxy CVE-2024-38473 - Resolves:...

9.8CVSS7.3AI score0.99957EPSS
Exploits2
NVD
NVD
added 2024/06/24 8:15 p.m.35 views

CVE-2024-37681

An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html component...

6.5CVSS0.00467EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/24 12:0 a.m.6 views

Shanxi Internet Chuangxiang Technology the background management system security vulnerability

Shanxi Internet Chuangxiang Technology the background management system is a background management system of Shanxi Internet Chuangxiang Technology. A security vulnerability exists in Shanxi Internet Chuangxiang Technology the background management system version v1.0.1, which could allow a remot...

6.5CVSS6.7AI score0.00467EPSS
Exploits0References3
CVE
CVE
added 2024/06/24 12:0 a.m.51 views

CVE-2024-37681

The CVE-2024-37681 entry concerns Shanxi Internet Chuangxiang Technology Co., Ltd. v1.0.1. Multiple sources (NVD/Red Hat/CNNVD/CVE list) confirm a DoS condition that can be triggered remotely via the index.html component of the background management system. The vulnerability is described as an is...

6.5CVSS7AI score0.00467EPSS
Exploits0References1
NVD
NVD
added 2024/03/11 5:15 a.m.11 views

CVE-2024-28823

Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...

6.1CVSS5.5AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/11 12:0 a.m.20 views

CVE-2024-28823

Amazon AWS aws-js-s3-explorer aka AWS JavaScript S3 Explorer 1.0.0 allows XSS via a crafted S3 bucket name to index.html...

5.6AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder