Lucene search
+L

157 matches found

Prion
Prion
added 2022/08/08 2:15 p.m.20 views

Design/Logic Flaw

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation...

5CVSS7.5AI score0.00987EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/23 5:15 p.m.4 views

CVE-2022-34178

Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability...

6.1CVSS6.2AI score0.00911EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.5 views

PT-2022-22045 · Jenkins · Jenkins Embeddable Build Status Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Embeddable Build Status Plugin version 2.0.3 Description: The issue allows specifying a link query parameter for build status badges without restricting possible values, resulting in a reflected cross-site scripting XSS vulnerability...

8.8CVSS5.9AI score0.00911EPSS
Exploits0References7
OSV
OSV
added 2022/05/05 4:15 p.m.5 views

CVE-2021-39020

IBM Guardium Data Encryption GDE 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855...

5.3CVSS5.8AI score0.0047EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/24 6:53 p.m.23 views

CVE-2021-44662

A Site Scripting XSS vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php...

6.1AI score0.01079EPSS
Exploits1References3
OSV
OSV
added 2021/12/14 4:15 p.m.3 views

CVE-2021-38361

The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the /htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1...

6.1CVSS5.8AI score0.00757EPSS
Exploits0References2
Prion
Prion
added 2021/12/14 4:15 p.m.17 views

Cross site scripting

The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the /htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1...

4.3CVSS6.1AI score0.00757EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/08/31 12:0 a.m.9 views

PT-2021-22525 · WordPress · Zoomsounds

Name of the Vulnerable Software and Affected Versions: Zoomsounds plugin versions = 6.45 for WordPress Description: The issue allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the dzsap download action using directory traversal in the link...

7.5CVSS9.4AI score0.66543EPSS
Exploits5References7
CNNVD
CNNVD
added 2021/01/13 12:0 a.m.8 views

Cisco Webex Meetings 输入验证错误漏洞

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An open redirect vulnerability exists in the Web management interface of Cisco Webex Meetings. The vulnerability stems from improper validation of the input of URL parameters in an HTTP request. An attacker could explo...

4.7CVSS6.1AI score0.01582EPSS
Exploits0References4
OSV
OSV
added 2021/01/11 3:15 a.m.5 views

CVE-2020-35719

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by...

6.1CVSS6.5AI score0.01581EPSS
Exploits1References2
OSV
OSV
added 2020/08/25 8:15 a.m.3 views

CVE-2020-17386

Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system...

6.5CVSS5.9AI score0.01098EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/07/14 12:0 a.m.6 views

The vulnerability of the automated information system “Web-Torghi KS” arises from the lack of measures taken to protect the website structure. This allows attackers to obtain users’ access passwords for the AIIS.

The vulnerability of the automated information system “Web-Torghi KS” is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain users’ access passwords for the AIIS by changing the...

7.4CVSS5.5AI score
Exploits0Affected Software1
Prion
Prion
added 2020/03/19 2:15 p.m.13 views

Cross site scripting

ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link parameter...

4.3CVSS6AI score0.00686EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/07/23 4:15 p.m.16 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...

6.1CVSS6AI score0.01518EPSS
Exploits0References3
OSV
OSV
added 2019/07/23 4:15 p.m.19 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...

6.1CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2019/07/23 4:15 p.m.23 views

Code injection

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...

4.3CVSS6AI score0.01518EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/23 3:48 p.m.18 views

CVE-2018-18673

GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "Menu Link" parameter, aka the adm/menulistupdate.php melink parameter...

6AI score0.01518EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/07/23 12:0 a.m.6 views

PT-2019-9619 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...

6.1CVSS6.5AI score0.01518EPSS
Exploits0References8
CNVD
CNVD
added 2018/04/19 12:0 a.m.5 views

MiniCMS Cross-Site Scripting Vulnerability

MiniCMS is a mini content management system CMS designed for personal websites. A cross-site scripting vulnerability exists in MiniCMS version 1.10. A remote attacker can exploit this vulnerability by sending the 'sitelink' parameter to the mc-admin/conf.php file to execute commands...

5.4CVSS6.5AI score0.00684EPSS
Exploits1References1
OSV
OSV
added 2018/04/13 4:29 p.m.22 views

CVE-2017-0370

Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter...

5.3CVSS5.7AI score0.01429EPSS
Exploits0References3
Rows per page
Query Builder