Lucene search
K

390960 matches found

Nuclei
Nuclei
added 17 hours ago40 views

phpPgAdmin <=4.1.1 - Cross-Site Scripting

phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHPSELF in 1 redirect.php, possibly related to 2 login.php, which are different vectors than CVE-2007-2865. id:...

9.3CVSS6AI score0.14639EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago66 views

Devalcms 1.4a - Cross-Site Scripting

Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in th...

4.3CVSS5.8AI score0.05735EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago26 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD through version 4.11.01 is vulnerable to cross-site scripting via the /assets/add/ssl-provider.php ssl-provider-name and ssl-provider's-url parameters. id: CVE-2018-20009 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD...

4.8CVSS6.2AI score0.04428EPSS
Exploits6References5
Nuclei
Nuclei
added 17 hours ago40 views

Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting

The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. id: CVE-2017-18490 info: name: Contact Form Multi by BestWebSoft 1.2.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The contact-form-multi plugin before 1.2.1 for WordPress has multip...

6.1CVSS6.4AI score0.01464EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago43 views

Jolokia 1.3.7 - Cross-Site Scripting

Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser. id: CVE-2018-1000129 info: name: Jolokia 1.3.7 - Cross-Site Scripting author: mavericknerd,0h1in9e,daffainfo severity: medium description: |...

6.1CVSS6.7AI score0.25459EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago256 views

Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response i...

6.1CVSS6.6AI score0.37246EPSS
Exploits3References6
Nuclei
Nuclei
added 17 hours ago44 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in remotereporter/loadlogfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. id: CVE-2014-9607 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium...

6.1CVSS6.5AI score0.05452EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago34 views

WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting

WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.03236EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago37 views

WordPress Admin Font Editor <=1.8 - Cross-Site Scripting

WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.6AI score0.03223EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago27 views

Movies <= 0.6 - Cross-Site Scripting

A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. id: CVE-2014-4539 info: name: Movies = 0.6 - Cross-Site Scripting author: daffainfo...

6.1CVSS6.5AI score0.03983EPSS
Exploits2References4
Nuclei
Nuclei
added 17 hours ago34 views

Netsweeper 4.0.8 - Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 server parameter to remotereporter/loadlogfiles.php, 2 customctid parameter to...

6.1CVSS6.4AI score0.04292EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago33 views

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

6.1CVSS6.5AI score0.03705EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago229 views

Symfony - Authentication Bypass

Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including 1 no hash or 2 an invalid has...

4.3CVSS6AI score0.08269EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago28 views

Netsweeper 4.0.3 - Cross-Site Scripting

A cross-site scripting vulnerability in webadmin/policy/grouptableajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO. id: CVE-2014-9608 info: name: Netsweeper 4.0.3 - Cross-Site Scriptin...

6.1CVSS6.5AI score0.03939EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago32 views

Opsview Monitor Pro - Local File Inclusion

Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass. id:...

7.5CVSS7AI score0.16109EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago29 views

WordPress WPSOLR <=8.6 - Cross-Site Scripting

WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credential...

6.1CVSS6.6AI score0.04486EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago49 views

Netsweeper 3.0.6 - Open Redirection

An open redirect vulnerability in remotereporter/loadlogfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. id: CVE-2014-9617 info: name: Netsweeper 3.0.6 - Open Redirection author:...

6.1CVSS6.6AI score0.08013EPSS
Exploits1References4
Nuclei
Nuclei
added 17 hours ago35 views

WordPress JSmol2WP <=1.07 - Cross-Site Scripting

WordPress JSmol2WP version 1.07 and earlier is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the jsmol.php data parameter. id: CVE-2018-20462 info: name: WordPress JSmol2WP =1.07 - Cross-Site Scripting author: daffainfo severity: medium...

7.5CVSS6.9AI score0.13078EPSS
Exploits4References5
Nuclei
Nuclei
added 17 hours ago21 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.2AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
added 17 hours ago34 views

WebPort 1.19.1 - Cross-Site Scripting

Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. id: CVE-2019-12461 info: name: WebPort 1.19.1 - Cross-Site Scripting author: pikpikcu severity: medium description: Web Port 1.19.1 is vulnerable to cross-site scripting via the /log type parameter. impact: |...

6.1CVSS6.3AI score0.09916EPSS
Exploits5References5
Rows per page
Query Builder