Lucene search
+L

358 matches found

CVE
CVE
added 2022/05/26 12:55 p.m.71 views

CVE-2022-29721

Affected software: 74cmsSE v3.5.1 (74cmsSE is an online recruitment system based on PHP/MySQL). Vulnerability: SQL injection via the keyword parameter in /home/jobfairol/resumelist. Root cause described as lack of input validation on the parameter, enabling externally entered SQL statements. Impa...

7.5CVSS7.8AI score0.00991EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/04/11 3:15 p.m.7 views

CVE-2021-24986

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...

6.1CVSS6.4AI score0.00788EPSS
Exploits2References1
Veracode
Veracode
added 2022/03/07 10:18 a.m.29 views

Cross-site Scripting (XSS)

Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web...

6.1CVSS2.8AI score0.00714EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.5 views

Montala ResourceSpace SQL注入漏洞

ResourceSpace is a digital asset management tool that enables users to organize their digital assets. a SQL injection vulnerability exists in pages/editfields/9ajax/addkeyword.php in ResourceSpace. The vulnerability can be exploited by an attacker to execute arbitrary SQL commands via the k...

9.8CVSS6.6AI score0.67845EPSS
Exploits1References3
OSV
OSV
added 2021/10/22 8:15 p.m.5 views

CVE-2020-36492

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component selectmedia.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

5.4CVSS5.7AI score0.00562EPSS
Exploits1References1
OSV
OSV
added 2021/10/22 8:15 p.m.6 views

CVE-2020-36491

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component tagsmain.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

5.4CVSS6AI score
Exploits0References1
NVD
NVD
added 2021/10/22 8:15 p.m.22 views

CVE-2020-23044

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component filepicview.php via the activepath, keyword, tag, fmdo=x&filename, CKEditor and CKEditorFuncNum parameters...

5.4CVSS0.00562EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.6 views

DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.7 views

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.6 views

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via the activepath, keyword,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.5 views

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.8 views

Desdev DedeCMS 跨站脚本漏洞

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.4 views

Delta Electronics DIAEnergie SQL注入漏洞

A SQL blind injection vulnerability exists in the /DataHandler/HandlerCFG.ashx endpoint in DIAEnergie 1.7.5 and earlier versions. The vulnerability stems from the application not properly validating the value provided by the user via the parameter keyword before using the value as part of a SQL...

10CVSS6.5AI score0.03938EPSS
Exploits0References4
Snyk
Snyk
added 2021/08/15 8:44 a.m.1 views

SQL Injection

Overview s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to SQL Injection via the keyword parameter in /scadmin/currency. Remediation Upgrade s-cart/core to version 6.3.0.3 or higher. References - GitHub Additional Information - GitHub Commi...

8.6CVSS7.9AI score
Exploits0References2
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.8 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WooCommerce WordPress plugin for PickPlugins Product slider...

6.1CVSS5.8AI score0.10587EPSS
Exploits5References3
OSV
OSV
added 2021/05/15 12:15 a.m.3 views

CVE-2020-16632

A XSS Vulnerability in /uploads/dede/actionsearch.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter...

5.4CVSS6.3AI score0.00545EPSS
Exploits1References1
Prion
Prion
added 2021/05/15 12:15 a.m.17 views

Cross site scripting

A XSS Vulnerability in /uploads/dede/actionsearch.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter...

3.5CVSS5.7AI score0.00545EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/11/19 12:0 a.m.4 views

cxuucms SQL Injection Vulnerability

Cxuucms is a PHP-based content relationship building system. cxuucms v3 suffers from a SQL injection vulnerability that originates from leaking all database data via search.php via the keyword parameter. No detailed vulnerability details are available at this time...

7.5CVSS8.1AI score0.03751EPSS
Exploits3References1
Prion
Prion
added 2020/08/14 2:15 p.m.21 views

Cross site scripting

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

4.3CVSS6.1AI score0.09221EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/14 1:42 p.m.21 views

CVE-2019-6112

A Cross-site scripting XSS vulnerability in /inc/class-search.php in the Sell Media plugin v2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field...

6.1AI score0.09221EPSS
Exploits1References2
Rows per page
Query Builder