54730 matches found
CVE-2023-54343
QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading t...
CVE-2023-54343
CVE-2023-54343 affects the mobile web application QWE DL 2.0.1 . The issue is a persistent input validation vulnerability that allows remote attackers to inject malicious script through path parameter manipulation, enabling persistent cross-site scripting (XSS) attacks. Reported impact includes p...
CVE-2022-50940
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially...
CVE-2022-50797
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
EUVD-2022-55951
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and...
CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
CVE-2021-47917
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
EUVD-2021-34754
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
CVE-2021-47918 Simple CMS 2.1 SQL Injection Vulnerability via Users Module
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47917
CVE-2021-47917 affects Simple CMS 2.1. It describes a persistent cross-site scripting (XSS) vulnerability in user input parameters that attackers can inject via the newUser and editUser modules. The injected scripts can execute on the user list preview, potentially leading to session hijacking an...
CVE-2021-47918
CVE-2021-47918 concerns Simple CMS 2.1 with a remote SQL injection in the users module. The vulnerability arises from unvalidated input in the admin.php handler, allowing an attacker with privileges to inject arbitrary SQL commands, potentially compromising both the database management system and...
EUVD-2021-34753
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47918
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...
CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
CVE-2021-47915 PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47916
...
CVE-2021-47915
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...
CVE-2021-47916
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
EUVD-2021-34755
Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...