Lucene search
K

44 matches found

CNVD
CNVD
added 2025/11/11 12:0 a.m.4 views

CMSimple_XH Cross-Site Scripting Vulnerability

CMSimpleXH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimpleXH suffers from a cross-site scripting vulnerability that stems from not cleaning or coding path segments under the control of an attacker, no details of the...

7.1CVSS6.3AI score0.00323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.4AI score0.00323EPSS
Exploits1References1
NVD
NVD
added 2025/11/06 5:15 p.m.3 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS0.00323EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/11/06 12:0 a.m.9 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

0.00323EPSS
Exploits1References2
CVE
CVE
added 2025/11/06 12:0 a.m.23 views

CVE-2025-63589

CMSimple_XH 1.8 is affected by a reflected XSS in the index.php router: attacker-controlled path segments are not sanitized/encoded before being inserted into generated HTML (navigation links, breadcrumbs, search form action, footer links), allowing arbitrary JavaScript in victims’ browsers via a...

7.1CVSS6AI score0.00323EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.10 views

PT-2025-45332

Name of the Vulnerable Software and Affected Versions CMSimple XH version 1.8 Description A reflected Cross-Site Scripting XSS issue exists in the index.php router. The issue occurs because attacker-controlled path segments are not properly sanitized or encoded before being included in the...

7.1CVSS6AI score0.00323EPSS
Exploits1References4
OSV
OSV
added 2025/11/06 12:0 a.m.4 views

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

7.1CVSS6.2AI score0.00323EPSS
Exploits1References4
NVD
NVD
added 2025/11/03 8:19 p.m.5 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

7.5CVSS0.00835EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/11/03 12:0 a.m.5 views

CVE-2025-50735

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints...

6.3AI score0.00835EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-0549

Malware in sbrugna...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20866

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.01334EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/07/09 12:0 a.m.9 views

CVE-2025-53645

Zimbra Collaboration ZCS before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted G...

0.01334EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/07/09 12:0 a.m.2 views

CVE-2025-53645

Zimbra Collaboration ZCS before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted G...

6.5AI score0.01334EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/02 12:0 a.m.5 views

PT-2025-18925 · Opengrok · Opengrok

Name of the Vulnerable Software and Affected Versions: OpenGrok version 1.13.25 Description: The issue is a reflected Cross-Site Scripting XSS problem that occurs when the application generates the history view page. This happens due to improper handling of path segments, causing the application ...

6.1CVSS5.2AI score0.00202EPSS
Exploits0References8
OSV
OSV
added 2023/02/28 4:15 p.m.3 views

CVE-2023-25264

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...

7.5CVSS5.8AI score0.00961EPSS
Exploits1References2
Prion
Prion
added 2023/02/28 4:15 p.m.19 views

Authentication flaw

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...

5CVSS7.7AI score0.00961EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/28 12:0 a.m.27 views

CVE-2023-25264

An issue was discovered in Docmosis Tornado prior to version 2.9.5. An unauthenticated attacker can bypass the authentication check filter completely by introducing a specially crafted request with relative path segments...

7.9AI score0.00961EPSS
Exploits1References2
CNVD
CNVD
added 2020/11/10 12:0 a.m.2 views

Keycloak Path Traversal Vulnerability

Keycloak is an open source identity and access management solution for modern applications and services. A path traversal vulnerability exists in keycloak. The vulnerability stems from a resource endpoint converting a url path to a file path. An attacker can exploit this vulnerability by using...

7.5CVSS6.9AI score0.0136EPSS
Exploits0References1
NVD
NVD
added 2020/11/09 5:15 p.m.23 views

CVE-2020-14366

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw...

7.5CVSS6.7AI score0.0136EPSS
Exploits0References1
NVD
NVD
added 2017/05/25 5:29 p.m.23 views

CVE-2016-5007

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References4
Rows per page
Query Builder