CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

21 matches found

PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...

6.1CVSS6AI score0.02209EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 12:30 p.m.•5 views

CVE-2023-40752

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

6.1CVSS5.9AI score0.02209EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-23156

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00108EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-45305

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.02209EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 10:1 a.m.•5 views

CVE-2024-25849

In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...

9.8CVSS8.1AI score0.00108EPSS

Exploits0References1

OSV•added 2024/03/08 2:15 a.m.•2 views

CVE-2024-25849

In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...

9.8CVSS5.8AI score0.00108EPSS

Exploits0References2

Prion•added 2024/03/08 2:15 a.m.•10 views

Sql injection

In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...

8.4AI score0.00108EPSS

Exploits0References2

CVE•added 2024/03/08 12:0 a.m.•52 views

CVE-2024-25849

CVE-2024-25849 affects PrestaToolKit Make an offer module for PrestaShop (version ≤ 1.7.1). The vulnerability is a SQL injection in guest-accessible flows via MakeOffers::checkUserExistingOffer() and MakeOffers::addUserOffer(), leading to potential unauthorized data access or modification. Affect...

9.8CVSS7.9AI score0.00108EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/03/08 12:0 a.m.•8 views

CVE-2024-25849

In the module "Make an offer" makeanoffer = 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer and MakeOffers::addUserOffer...

8.1AI score0.00108EPSS

Exploits0References2

OSV•added 2023/08/28 1:15 p.m.•1 views

CVE-2023-40767

User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

9.8CVSS5.7AI score0.00134EPSS

Exploits0References2

ATTACKERKB•added 2023/08/28 1:15 p.m.•1 views

CVE-2023-40767

9.8CVSS7.3AI score0.00134EPSS

Exploits0References4

ATTACKERKB•added 2023/08/28 1:15 p.m.•3 views

CVE-2023-40752

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

6.1CVSS6.4AI score0.02209EPSS

Exploits0References5

NVD•added 2023/08/28 1:15 p.m.•17 views

CVE-2023-40752

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

6.1CVSS6AI score0.02209EPSS

Exploits0References2

Prion•added 2023/08/28 1:15 p.m.•14 views

Cross site scripting

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

5.8CVSS6AI score0.02209EPSS

Exploits0References2Affected Software1

CVE•added 2023/08/28 12:0 a.m.•32 views

CVE-2023-40767

CVE-2023-40767 affects PHPJabbers Make an Offer Widget v1.0. The issue is user enumeration during password recovery: messages differ between valid and invalid usernames, enabling brute-forcing with valid users. Base CVSS 3.1: 9.8 (Network, High impact on confidentiality, integrity, availability)....

9.8CVSS9.2AI score0.00134EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/08/28 12:0 a.m.•14 views

CVE-2023-40767

9.6AI score0.00134EPSS

Exploits0References2

Cvelist•added 2023/08/28 12:0 a.m.•17 views

CVE-2023-40752

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

6.2AI score0.02209EPSS

Exploits0References2

Vulnrichment•added 2023/08/28 12:0 a.m.•12 views

CVE-2023-40767

7AI score0.00134EPSS

Exploits0References2

CVE•added 2023/08/28 12:0 a.m.•50 views

CVE-2023-40752

PHPJabbers Make an Offer Widget v1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the action parameter of index.php. The issue, confirmed across multiple sources, allows unauthenticated input in the action parameter to be reflected in the page, with user interaction required. This...

6.1CVSS6AI score0.02209EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2023/08/28 12:0 a.m.•11 views

CVE-2023-40752

There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...

5.9AI score0.02209EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by