129 matches found

OSV
added 2021/08/16 7:15 p.m. | 3 views

CVE-2021-34653

The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /wp-fountain.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9...

CVSS 6.1 | AI score 6.4 | EPSS 0.00884
Exploits: 1 | References: 2
NVD
added 2018/01/10 2:29 a.m. | 28 views

CVE-2017-1000428

flatCore-CMS 1.4.6 is vulnerable to reflected XSS in usermanagement.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string...

CVSS 6.1 | AI score 6 | EPSS 0.00836
Exploits: 0 | References: 1
OSV
added 2017/09/18 4:29 a.m. | 7 views

CVE-2017-14534

Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF...

CVSS 6.1 | AI score 5.8 | EPSS 0.00669
Exploits: 1 | References: 1
OSV
added 2016/07/03 1:59 a.m. | 1 view

DEBIAN-CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

CVSS 3.7 | AI score 6.8 | EPSS 0.01689
Exploits: 0 | References: 1
OSV
added 2016/07/03 1:59 a.m. | 6 views

UBUNTU-CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

CVSS 3.7 | AI score 6.8 | EPSS 0.01689
Exploits: 0 | References: 3
ATTACKERKB
added 2011/06/08 3:55 p.m. | 2 views

CVE-2009-5077

CRE Loaded before 6.2.14 allows remote attackers to bypass authentication and gain administrator privileges via vectors related to a modified PHP_SELF variable, which is not properly handled by (1) includes/application_top.php and (2) admin/includes/application_top.php...

CVSS 7.5 | AI score 5.6 | EPSS 0.01486
Exploits: 1 | References: 2
OSV
added 2007/05/11 5:19 p.m. | 3 views

DEBIAN-CVE-2007-2627

Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...

CVSS 6.8 | AI score 5.8 | EPSS 0.02327
Exploits: 0 | References: 1
OSV
added 2006/02/21 2:2 a.m. | 1 view

DEBIAN-CVE-2006-0806

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF...

CVSS 4.3 | AI score 6.1 | EPSS 0.05871
Exploits: 2 | References: 1
Exploit DB
added 2002/04/25 12:0 a.m. | 42 views

PHProjekt 2.x/3.x - Authentication Bypass

source: https://www.securityfocus.com/bid/4596/info

PHProjekt is a freely available, open source PHP Groupware package. It is actively maintained by the PHPProjekt Development Team. It will run on most Linux and Unix variants, in addition to Microsoft Windows operating systems. Some of the...

AI score 7.4
Exploits: 0