Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5809

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00845EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/06 11:25 a.m.7 views

CVE-2025-41044

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataPagename' parameter in /apprain/page/manage-static-pages/create...

5.4CVSS6.1AI score0.00162EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/04 11:46 a.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the dataPagename parameter in the /apprain/page/manage-static-pages/create/ path. An attacker can retrieve, create, update, or delete database records by injecting crafted input. Remediation There is no fixed version f...

9.8CVSS7.9AI score0.00353EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35905

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection flaw exists in appRain CMF version 4.0.5. This flaw allows an attacker to retrieve, create, update, and delete the database through the data%5BPage%5D%5Bname%5D parameter in the...

9.8CVSS7.3AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.3 views

PT-2025-35904

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection vulnerability exists that allows an attacker to retrieve, create, update, and delete the database. This is possible through the data%5BPage%5D%5Bname%5D parameter in the...

9.8CVSS7.4AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.5 views

PT-2025-35915

Name of the Vulnerable Software and Affected Versions appRain CMF version 4.0.5 Description A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user input. The vulnerability is located in the dataPagename parameter within the...

5.4CVSS5.6AI score0.00162EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.3 views

PiHome 代码注入漏洞

PiHome is a home automation system from the individual developer of PiHomeHVAC. A code injection vulnerability exists in PiHome version 2.0, which stems from the fact that incorrect manipulation of the parameter pagename can lead to cross-site scripting...

6.1CVSS4.8AI score0.00472EPSS
Exploits1References6
Snyk
Snyk
added 2022/05/17 12:30 a.m.2 views

Cross-site Scripting (XSS)

Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user input sanitization. Exploiting this vulnerability is possible via the PageName aka nodename parameter during the creation of a new page. Details Cross-site...

5.4CVSS5.3AI score0.00845EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 12:30 a.m.23 views

Umbraco CMS vulnerable to stored XSS

Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...

5.4CVSS6AI score0.00845EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/12/29 12:0 a.m.3 views

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00995)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/page.php?rec=edit in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with...

4.8CVSS6AI score0.00534EPSS
Exploits1References1
OSV
OSV
added 2018/12/28 4:29 p.m.4 views

CVE-2018-20557

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/page.php?rec=edit has XSS via the pagename parameter...

4.8CVSS5.8AI score0.00534EPSS
Exploits1References1
OSV
OSV
added 2017/10/12 8:29 a.m.13 views

CVE-2017-15279

Cross-site scripting XSS vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" aka nodename parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and...

5.4CVSS5.8AI score
Exploits0References2
CNVD
CNVD
added 2017/10/12 12:0 a.m.2 views

Umbraco CMS Cross-Site Scripting Vulnerability (CNVD-2017-30256)

Umbraco is the leading open source Microsoft ASP.NET CMS. A cross-site scripting vulnerability exists in Umbraco CMS, which allows remote attackers to inject arbitrary web script or HTML via the "page name" parameter during the creation of a new page...

5.4CVSS5AI score0.00845EPSS
Exploits0References1
Rows per page
Query Builder