419 matches found

Cvelist
added 2023/10/04 12:29 p.m. · 33 views

CVE-2023-4495 Easy Chat Server XSS vulnerability

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via the /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...

CVSS 6.1 · AI score 5.9 · EPSS 0.0037
Exploits 1 · References 1

Vulnrichment
added 2023/10/04 12:29 p.m. · 16 views

CVE-2023-4495 Easy Chat Server XSS vulnerability

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via the /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...

CVSS 6.1 · AI score 5.1 · EPSS 0.0037
Exploits 1 · References 1

Github Security Blog
added 2023/10/02 9:39 p.m. · 15 views

Wallabag user can disable 2FA unintentionally

Impact: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily disable 2FA through /config/otp/app/disable and /config/otp/email/disable. This vulnerability has a CVSSv3.1 score of 4.3. You should upgrade your instance to version 2.6.7 or higher...

AI score 7
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/08/21 8:28 p.m. · 19 views

GHSA-P8GP-899C-JVQ9 Wallabag user can reset data unintentionally

Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily reset annotations, entries and tags, by a GET request to /reset/annotations, /reset/entries, /reset/tags, /reset/archived. This vulnerability has a CVSSv3.1 score of 4.3. You...

CVSS 5.7 · AI score 5 · EPSS 0.00234
Exploits 1 · References 4

Github Security Blog
added 2023/08/21 8:28 p.m. · 28 views

Wallabag user can reset data unintentionally

Description: wallabag was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily reset annotations, entries and tags, by a GET request to /reset/annotations, /reset/entries, /reset/tags, /reset/archived. This vulnerability has a CVSSv3.1 score of 4.3. You...

CVSS 5.7 · AI score 7 · EPSS 0.00234
Exploits 1 · References 4 · Affected Software 1

0day.today
added 2023/08/21 12:00 a.m. · 224 views

Color Prediction Game v1.0 - SQL Injection Vulnerability

Exploit Title: Color Prediction Game v1.0 - SQL Injection. Exploit Author: Ahmet Ümit BAYRAM. Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script. Tested on: Kali Linux & MacOS. CVE: N/A. Request: POST /loginNow.php HTTP/1.1 Host: localhost Cookie:...

AI score 7.1
Exploits 0

ATTACKERKB
added 2023/08/04 12:15 a.m. · 3 views

CVE-2023-38941

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/adminview.py - GoodsCreateView.post...

CVSS 9.8 · AI score 7.5 · EPSS 0.013
Exploits 0 · References 2

OSV
added 2023/05/24 9:15 p.m. · 5 views

CVE-2022-30025

SQL injection in the "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter...

CVSS 6.5 · AI score 5.9 · EPSS 0.0084
Exploits 1 · References 1

NVD
added 2023/05/24 9:15 p.m. · 12 views

CVE-2022-30025

SQL injection in the "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter...

CVSS 6.5 · AI score 6.9 · EPSS 0.0084
Exploits 1 · References 1

Prion
added 2023/05/24 9:15 p.m. · 19 views

SQL injection

SQL injection in the "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter...

CVSS 4 · AI score 6.9 · EPSS 0.0084
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/05/24 12:00 a.m. · 27 views

CVE-2022-30025

SQL injection in the "/Framewrk/Home.jsp" file POST method in tCredence Analytics iDEAL Wealth and Funds 1.0 allows authenticated remote attackers to inject a payload via the "v" parameter...

AI score 7.1 · EPSS 0.0084
Exploits 1 · References 1

Positive Technologies
added 2023/05/24 12:00 a.m. · 4 views

PT-2023-12994 · Tcredence · Tcredence Analytics Ideal Wealth/Funds

Name of the Vulnerable Software and Affected Versions: tCredence Analytics iDEAL Wealth and Funds version 1.0. Description: The issue allows authenticated remote attackers to inject a payload via the v parameter in the "/Framewrk/Home.jsp" file using the POST method. Recommendations: For version...

CVSS 6.5 · AI score 6.8 · EPSS 0.0084
Exploits 1 · References 3

wpexploit
added 2023/04/12 12:00 a.m. · 134 views

ChatBot < 4.4.9 - Subscriber+ OpenAI Settings Update to Stored XSS

The plugin does not have authorisation and CSRF checks in the AJAX action responsible for updating the OpenAI settings, allowing any authenticated user, such as a subscriber, to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS. Run the below command in...

CVSS 5.4 · AI score 5.6 · EPSS 0.00242
Exploits 2

wpexploit
added 2023/02/02 12:00 a.m. · 69 views

Magazine Edge <= 1.13 - Subscriber+ Arbitrary Plugin Activation

The theme does not have authorisation and CSRF checks when activating plugins via an AJAX action, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins. Run the below command in the developer console of the web browser while being on the blog as a subscriber user...

AI score 1
Exploits 0

Packet Storm
added 2022/10/17 12:00 a.m. · 235 views

WiFi File Transfer 1.0.8 Cross Site Scripting

Document Title: WiFi File Transfer v1.0.8 - Cross Site Scripting Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2322. Release Date: 2022-10-17. Vulnerability Laboratory ID (VL-ID):...

AI score 7.4
Exploits 0

wpexploit
added 2022/10/10 12:00 a.m. · 465 views

Newspaper < 12 - Reflected Cross-Site Scripting

Description: The theme does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. " / document.forms0.submit;...

CVSS 6.1 · AI score 6.3 · EPSS 0.00969
Exploits 2

Prion
added 2022/09/08 8:15 a.m. · 18 views

Command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to the PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

CVSS 7.5 · AI score 9.7 · EPSS 0.01688
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/09/08 7:10 a.m. · 46 views

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to the PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

AI score 9.9 · EPSS 0.01688
Exploits 0 · References 2

wpexploit
added 2022/08/15 12:00 a.m. · 231 views

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

The plugin does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS into arbitrary saved layouts. The postid is the ID of a saved layout. As a contributor, get a REST nonce via...

CVSS 5.4 · AI score 5.5 · EPSS 0.00416
Exploits 2

wpexploit
added 2022/07/26 12:00 a.m. · 137 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

CVSS 4.3 · AI score 1.7 · EPSS 0.00308
Exploits 2