CVE-2012-6614
D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password...
CVE-2012-6614
CVE-2012-6614 affects the D-Link DSR-250N family, specifically firmware versions before 1.08B31. The vulnerability allows remote authenticated users to obtain persistent root access via the BusyBox CLI, demonstrated by overwriting the superuser password. Reported impact includes high confidential...
Wordpress Strong Testimonials 2.40.1 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Strong Testimonials 2.40.0 - Persistent Cross-Site Scripting Vendor Homepage: https://strongtestimonials.com Vendor Changelog: https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt Exploit...
WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting
Exploit Title: WordPress Plugin WP Sitemap Page 1.6.2 - Persistent Cross-Site Scripting Dork:N/A Date: 2020-02-17 Exploit Author: UltraSecurityTeam Team Member = Ashkan Moghaddas , AmirMohammad Safari , Behzad khalife , Milad Ranjbar Vendor Homepage: UltraSec.Org Software Link:...
WordPress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting
Title: Wordpress Plugin tutor.1.5.3 - Persistent Cross-Site Scripting Author: mehran feizi Category: webapps Date: 2020-02-12 vendor home page: https://wordpress.org/plugins/tutor/ =================================================================== Vulnerable page: /Quiz.php...
Android Trojan xHelper uses persistent re-infection tactics: here’s how to remove
We first stumbled upon the nasty Android Trojan xHelper, a stealthy malware dropper, in May 2019. By mid-summer 2019, xHelper was topping our detection charts—so we wrote an article about it. After the blog, we thought the case was closed on xHelper. Then a tech savvy user reached out to us in...
Cross site scripting
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Mood...
CVE-2019-18210
CVE-2019-18210 describes a persistent XSS in Moodle via the /course/modedit.php interface, exploitable through the introeditor[text] parameter. The issue affects Moodle up to version 3.7.2 (and earlier, per entries) where an authenticated user with Teacher role or higher can inject JavaScript tha...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A Stored xss was found in Vanillafor...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A Stored xss was found in Vanillaforum 2.6.3...
SUSE-SU-2020:0353-1 Security update for systemd
This update for systemd provides the following fixes: - CVE-2020-1712 (bsc#1162108): Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or...
Liferay Portal 7.1.0 - 7.2.1 XSS Vulnerability
Liferay Portal is prone to an authenticated cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
OPENSUSE-SU-2020:0139-1 Security update for rubygem-excon
This update for rubygem-excon fixes the following issues: CVE-2019-16779 (boo#1159342): Fix a race condition around persistent connections, where a connection, which was interrupted, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
Exploit Title: Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2_HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service And Management Interface Unauthenticated...
Cross site scripting
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0...
CVE-2019-17338
CVE-2019-17338 affects TIBCO Patterns - Search (UI component). The issue is a set of vulnerabilities enabling authenticated users to perform persistent cross-site scripting (XSS). Affected releases are versions 5.4.0 and below. The TIBCO advisory notes remediation by upgrading to 5.5.0 or later. ...
CVE-2020-7934
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...
Cross site scripting
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload wi...