CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2023/01/19 12:0 a.m.•3 views

PT-2023-15095 · Nexusphp · Nexusphp

Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting XSS attacks. This can be achieved by injecting malicious input int...

6.1CVSS6.2AI score0.15097EPSS

Exploits1References6

NVD•added 2021/11/05 4:15 p.m.•6 views

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

6.1CVSS0.0023EPSS

Cvelist•added 2021/11/05 3:12 p.m.•13 views

CVE-2021-39413

6.3AI score0.0023EPSS

Veracode•added 2021/09/30 5:56 a.m.•22 views

Cross-site Scripting (XSS)

zoneminder is vulnerable to Cross Site Scripting. The vulnerability exists due to a lack of validation of the 'level' parameter value in the view log log.php...

6.1CVSS1.8AI score0.0024EPSS

Exploits1References2Affected Software1

NVD•added 2021/08/19 5:15 p.m.•14 views

CVE-2021-39302

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions'org' value...

9.8CVSS0.00264EPSS

Prion•added 2021/08/19 5:15 p.m.•15 views

Sql injection

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions'org' value...

6.8CVSS9.8AI score0.00264EPSS

Cvelist•added 2021/08/19 4:25 p.m.•13 views

CVE-2021-39302

MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions'org' value...

10AI score0.00264EPSS

OSV•added 2019/08/27 1:15 p.m.•0 views

CVE-2017-18591

The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php...

6.1CVSS5.8AI score

Prion•added 2019/08/27 1:15 p.m.•11 views

Design/Logic Flaw

The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php...

4.3CVSS6AI score0.0021EPSS

Cvelist•added 2019/08/27 12:3 p.m.•13 views

CVE-2017-18591

The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php...

6.1AI score0.0021EPSS

CVE•added 2019/08/27 12:3 p.m.•84 views

CVE-2017-18591

Summary: CVE-2017-18591 affects the WordPress gd-rating-system plugin prior to 2.1, with an XSS in log.php. The issue stems from insufficient validation in the log.php handling, enabling possible client-side script execution. Affected software: WordPress site using the gd-rating-system plugin (ve...

6.1CVSS6AI score0.0021EPSS

Prion•added 2019/01/15 12:29 a.m.•9 views

Design/Logic Flaw

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI...

4.3CVSS5.9AI score0.00245EPSS

Exploits1References3Affected Software1

Prion•added 2018/10/29 12:29 p.m.•9 views

Sql injection

ProjectSend formerly cFTP r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selectedclients, clients.php with the request parameter status, process-zip-download.php with the...

7.5CVSS8.3AI score0.00292EPSS

CVE•added 2018/10/28 3:0 a.m.•40 views

CVE-2016-10731

CVE-2016-10731 affects ProjectSend (formerly cFTP) r582 and enables SQL injection via multiple PHP endpoints: manage-files.php (status, files), clients.php (selected_clients, status), process-zip-download.php (file), or home-log.php (action). Root cause: input parameters are used in SQL queries w...

9.8CVSS9.9AI score0.00292EPSS

Openbugbounty•added 2018/04/07 8:32 p.m.•10 views

totem.cz XSS vulnerability

Open Bug Bounty ID: OBB-598625 Description| Value ---|--- Affected Website:| totem.cz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0

NVD•added 2018/03/06 4:29 p.m.•11 views

CVE-2017-9786

Cross-site scripting XSS vulnerability in ProjectSend formerly cFTP before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php...

6.1CVSS6.1AI score0.00315EPSS

Cvelist•added 2018/03/06 4:0 p.m.•11 views

CVE-2017-9786

6.1AI score0.00315EPSS

CNVD•added 2017/08/08 12:0 a.m.•2 views

NexusPHP Cross-Site Scripting Vulnerability

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in the 'query' parameter of the log.php file in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to inject arbitrary Web script ...

6.1CVSS6.4AI score0.0024EPSS

NVD•added 2017/08/07 8:29 p.m.•13 views

CVE-2017-12655

Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...

6.1CVSS6AI score0.0024EPSS