Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:14 p.m.5 views

CVE-2022-37137

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...

5.4CVSS5.4AI score0.0049EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/09/14 11:15 a.m.3 views

CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...

8CVSS6.8AI score0.0133EPSS
Exploits2References3
NVD
NVD
added 2022/09/14 11:15 a.m.16 views

CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...

8CVSS0.0133EPSS
Exploits2References2
OSV
OSV
added 2022/09/14 11:15 a.m.6 views

CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...

8CVSS5.9AI score0.0133EPSS
Exploits2References2
NVD
NVD
added 2022/09/14 11:15 a.m.9 views

CVE-2022-37137

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...

5.4CVSS0.0049EPSS
Exploits2References2
Prion
Prion
added 2022/09/14 11:15 a.m.11 views

Cross site scripting

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...

4.9CVSS5.2AI score0.0049EPSS
Exploits2References2Affected Software1
Prion
Prion
added 2022/09/14 11:15 a.m.13 views

Remote code execution

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...

6CVSS8AI score0.0133EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/14 3:24 a.m.4 views

CVE-2022-37137

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting XSS during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will prompt after that or can be access from the vi...

5.4AI score0.0049EPSS
Exploits2References2
0day.today
0day.today
added 2022/07/05 12:0 a.m.288 views

Paymoney 3.3 Cross Site Scripting Vulnerability

Title: paymoney-3.3 XSS-Reflected Author: nu11secur1ty Vendor: https://paymoney.techvill.org/ Software: paymoney-3.3 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/paymoney/2022/paymoney-3.3 Description: The parameters firstname and lastname in Users are vulnerable...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2022/07/04 12:0 a.m.288 views

Paymoney 3.3 Cross Site Scripting

Title: paymoney-3.3 XSS-Reflected Author: nu11secur1ty Date: 07.02.2022 Vendor: https://paymoney.techvill.org/ Software: paymoney-3.3 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/paymoney/2022/paymoney-3.3 Description: The parameters firstname and lastname in User...

7.4AI score
Exploits0
Rows per page
Query Builder