543 matches found

Cvelist
added 2024/11/15 3:11 p.m., 37 views

CVE-2024-49754 LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

CVSS 7.5, EPSS 0.69818
Exploits: 1, References: 2

Cvelist
added 2024/10/01 8:30 p.m., 33 views

CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A user with the Admin role can create Device Groups. The application did not properly sanitize the user input in the Device Group name; when a user views the details of the Device Group, if JavaScript code is inside the name of...

CVSS 7.2, EPSS 0.005
Exploits: 1, References: 2

Vulnrichment
added 2024/10/01 8:27 p.m., 8 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

CVSS 7.5, AI score 5.5, EPSS 0.26242
Exploits: 1, References: 3

CVE
added 2024/10/01 8:25 p.m., 46 views

CVE-2024-47526

LibreNMS is affected by a Self-XSS in the Alert Templates feature. The vulnerability stems from insufficient sanitization of the template name before rendering in the UI, allowing arbitrary JavaScript to execute during template creation. The in-page script runs at submission time but does not per...

CVSS 3.5, AI score 3.6, EPSS 0.00442
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2024/10/01 8:20 p.m., 39 views

CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new background for a Custom Map. Users with the "admin" role can set the background for a custom map; this allows the upload of an SVG file that can contain an XSS payload...

CVSS 4.6, EPSS 0.00377
Exploits: 1, References: 2

Packet Storm
added 2024/08/12 12:00 a.m., 172 views

Computer Laboratory Management 1.0 SQL Injection

Exploit Title: Computer Laboratory Management - SQL Injection Authenticated Date: 11/08/2024 Exploit Author: Mert Kuvvet Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html Software Link:...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/08/02 12:00 a.m., 348 views

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 TESTED VERSION...

AI score 7.4
Exploits: 0

NVD
added 2024/07/16 7:15 p.m., 19 views

CVE-2024-40392

SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...

CVSS 9.8, EPSS 0.00502
Exploits: 1, References: 1

Vulnrichment
added 2024/07/16 12:00 a.m., 14 views

CVE-2024-40394

Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php...

AI score 7.5, EPSS 0.00652
Exploits: 1, References: 1

Packet Storm
added 2024/07/05 12:00 a.m., 198 views

Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery

.:. Exploit Title Cinema Booking System - Multiple Vulnerabilities .:. Google Dorks .:. intitle:Cinema Booking System .:. Date: July 5, 2024 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor -...

AI score 7.4
Exploits: 0

CNVD
added 2024/05/22 12:00 a.m., 8 views

Emlog Pro License Issues Vulnerability

emlog is a PHP and MySQL based CMS builder for emlog personal developers. An authorization issue vulnerability exists in Emlog Pro version 2.3.4, which stems from incorrect authentication of the parameter AuthCookie of the component Cookie Handler. An attacker can exploit this vulnerability to...

CVSS 8.1, AI score 6.9, EPSS 0.00959
Exploits: 1, References: 1

Vulnrichment
added 2024/05/17 1:43 p.m., 16 views

CVE-2024-34919

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file...

AI score 7.8, EPSS 0.00852
Exploits: 0, References: 1

CVE
added 2024/05/17 1:43 p.m., 62 views

CVE-2024-34919

The CVE-2024-34919 entry describes an arbitrary file upload in Pisay Online E-Learning System v1.0, specifically the modstudent/controller.php component, enabling attackers to execute arbitrary code via crafted uploads. The vulnerability is associated with PHP/MySQL-based Pisay Online E-Learning ...

CVSS 9.8, AI score 7.7, EPSS 0.00852
Exploits: 0, References: 1

0day.today
added 2024/04/29 12:00 a.m., 369 views

Doctor Appointment Management System 1.0 Cross Site Scripting Vulnerability

Application Name: Doctor Appointment Management System Software Link: Download Link Vendor Homepage: Vendor Homepage BuG: XsS BUG Author: SoSPiro Version: 1.0 CVE: CVE-2024-4293 Vulnerable code section: - http://localhost/Doctor-Appointment-SystemPHP/dams/doctor/appointment-bwdates.php - Lines 57-...

CVSS 5.4, AI score 7.2, EPSS 0.00635
Exploits: 3

NVD
added 2024/04/17 6:15 p.m., 21 views

CVE-2024-30982

SQL Injection vulnerability in phpgurukul Cyber Cafe Management System Using PHP & MySQL 1.0 allows attackers to run arbitrary SQL commands via the upid parameter in the /view-user-detail.php file...

CVSS 9.8, AI score 7.9, EPSS 0.00503
Exploits: 0, References: 1

Vulnrichment
added 2024/04/17 12:00 a.m., 10 views

CVE-2024-30985

SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters...

AI score 8.7, EPSS 0.00695
Exploits: 1, References: 1

Prion
added 2024/03/07 10:15 p.m., 21 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVSS 5, AI score 6.8, EPSS 0.0083
Exploits: 1, References: 3

Cvelist
added 2024/03/07 9:31 p.m., 19 views

CVE-2024-2265 keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code

A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The explo...

CVSS 5.3, AI score 5.5, EPSS 0.0083
Exploits: 1, References: 3

Prion
added 2024/03/07 9:15 p.m., 21 views

SQL injection

A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The...

CVSS 7.5, AI score 7.7, EPSS 0.00602
Exploits: 0, References: 3

CVE
added 2024/03/07 9:00 p.m., 71 views

CVE-2024-2264

CVE-2024-2264 concerns the keerti1924 PHP-MYSQL-User-Login-System 1.0. Multiple connected sources confirm a SQL injection vulnerability in the /login.php file, triggered by manipulating the email parameter. The issue is described as remote in attack surface, with the exploit disclosed publicly. C...

CVSS 9.8, AI score 7.4, EPSS 0.00602
Exploits: 0, References: 3, Affected Software: 1