590850 matches found
EUVD-2026-43186
ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP data to trigger the vulnerability and cause application crashes...
Optergy Proton/Enterprise Building Management System - Open Redirect
Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...
vBulletin - Open Redirect
vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-6200 info: name:...
Label Studio < 1.16.0 - Cross-Site Scripting
Label Studio prior to version 1.16.0 contains a cross-site scripting caused by rendering unsanitized user-provided HTML in the /projects/upload-example endpoint, letting attackers execute arbitrary JavaScript via crafted labelconfig in a GET request, exploit requires victims to visit malicious UR...
mooSocial v.3.1.8 - Cross-Site Scripting
A cross-site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the adminredirecturl parameter of the user login function. id: CVE-2023-44812 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha...
b2evolution CMS <6.11.6 - Open Redirect
b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...
EpiServer Find <13.2.7 - Open Redirect
EpiServer Find before 13.2.7 contains an open redirect vulnerability via the tredirect parameter in a crafted URL, such as a /findv2/click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
Revive Adserver 5.4.1 - Cross-Site Scripting
A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions. id: CVE-2023-38040 info: name: Revive Adserver 5.4.1 - Cross-Site Scripting author: ritikchaddha severity: medium description: | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions...
Hoteldruid 3.0.5 - Cross-Site Scripting
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. id: CVE-2023-34537 info: name: Hoteldruid 3.0.5 - Cross-Site Scripting author: Harsh severity: medium...
XWiki - Open Redirect
XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0. id: CVE-2023-32068 info: name: XWiki - Open Redirect author:...
Purchase Order Management v1.0 - Cross Site Scripting (Reflected)
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the password parameter at /purchaseorder/classes/login.php. id: CVE-2023-29623 info: name: Purchase Order Management v1.0 - Cross Site Scripting Reflected author: theamanrawat severity:...
PowerJob <=4.3.2 - Unauthenticated Access
PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. id: CVE-2023-29923 info: name: PowerJob =4.3.2 - Unauthenticated Access author: For3stCo1d severity: medium description: | PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface. impact: ...
Wordpress Multiple Themes - Reflected Cross-Site Scripting
All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...
Uniview NVR301-04S2-P4 - Cross-Site Scripting
Uniview NVR301-04S2-P4 contains a reflected cross-site scripting vulnerability via the PATH of LAPI. CISA and Uniview state that this vulnerability needs to be authenticated. This is incorrect. Any PATH payload can cause XSS. A submission to Mitre has been sent to update the verbiage in the findi...
Adobe AEM Dispatcher <4.15 - Rules Bypass
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...
UpdraftPlus < 1.22.9 - Cross-Site Scripting
The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...
Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
A directory traversal vulnerability in the Preventive & Reservation compreventive component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1475 info: name: Joomla...
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
SlideDeck 1 Lite Content Slider - Cross-Site Scripting
SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...