CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit DB•added 2024/05/31 12:0 a.m.•237 views

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4AI score

Exploits0

Packet Storm•added 2024/05/31 12:0 a.m.•216 views

iMLog Cross Site Scripting

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4AI score

Exploits0

Qualys Blog•added 2024/05/29 3:41 p.m.•19 views

2024 Cybersecurity Trends: What’s Observable Already?

2024 has already witnessed a staggering number of cyber incidents, with over 29.5 billion records breached across 4,645 publicly disclosed incidents in January alone, according to the IT Governance Security Spotlight. Moreover, CVEs are growing significantly year over year, with 13% growth from...

7.4AI score

Exploits0

OSV•added 2024/05/24 1:15 p.m.•2 views

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...

6.1CVSS5.8AI score0.0011EPSS

NVD•added 2024/05/24 1:15 p.m.•10 views

CVE-2023-49575

7.1CVSS6.7AI score0.0011EPSS

NVD•added 2024/05/24 1:15 p.m.•15 views

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

OSV•added 2024/05/24 1:15 p.m.•4 views

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...

6.1CVSS5.8AI score

NVD•added 2024/05/24 1:15 p.m.•12 views

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

OSV•added 2024/05/24 1:15 p.m.•1 views

CVE-2023-49573

6.1CVSS5.8AI score

NVD•added 2024/05/24 1:15 p.m.•11 views

CVE-2023-49572

7.1CVSS6.7AI score0.0011EPSS

Vulnrichment•added 2024/05/24 12:40 p.m.•12 views

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

7.1CVSS6.3AI score0.0011EPSS

Cvelist•added 2024/05/24 12:40 p.m.•19 views

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

7.1CVSS6.7AI score0.0011EPSS

CVE•added 2024/05/24 12:40 p.m.•62 views

CVE-2023-49575

CVE-2023-49575 affects VX Search Enterprise (v10.2.14) and related Flexense products (Sync Breeze Enterprise Server 10.4.18, Disk Pulse Enterprise 10.4.18). A persistent XSS vulnerability exists via the /setup_smtp API endpoints, specifically in smtp_server, smtp_user, smtp_password, and smtp_ema...

7.1CVSS6.3AI score0.0011EPSS

CVE•added 2024/05/24 12:40 p.m.•52 views

CVE-2023-49574

VX Search Enterprise 10.2.14 is affected by a persistent XSS vulnerability affecting the /add_job API (job_name / add job parameter). Attackers could store malicious JavaScript payloads that execute when the page loads. Public sources confirm the vulnerability impact but do not provide exploitati...

Vulnrichment•added 2024/05/24 12:40 p.m.•15 views

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

7.1CVSS6.2AI score0.00106EPSS

Cvelist•added 2024/05/24 12:40 p.m.•12 views

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

Cvelist•added 2024/05/24 12:39 p.m.•13 views

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

Vulnrichment•added 2024/05/24 12:39 p.m.•13 views

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

7.1CVSS6.2AI score0.00106EPSS

CVE•added 2024/05/24 12:39 p.m.•56 views

CVE-2023-49573

VX Search Enterprise 10.2.14 is affected by a persistent XSS in the API endpoint exposed via the /add_command_action (action_value) field. The issue allows storing malicious JavaScript payloads that execute when the page loads. The connected PT-2024-13752 entry corroborates an XSS via the /add co...