Lucene search
K

967 matches found

OSV
OSV
added 2019/03/21 4:1 p.m.4 views

CVE-2019-7424

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. The latter is related to...

6.1CVSS6.4AI score
Exploits0References3
NVD
NVD
added 2019/03/21 4:0 p.m.30 views

CVE-2018-19934

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

4.8CVSS5AI score0.05424EPSS
Exploits3References3
OSV
OSV
added 2019/03/21 4:0 p.m.5 views

CVE-2018-19934

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

4.8CVSS5.7AI score0.05424EPSS
Exploits3References3
Prion
Prion
added 2019/03/21 4:0 p.m.19 views

Cross site scripting

SolarWinds Serv-U FTP Server 15.1.6.25 has reflected cross-site scripting XSS in the Web management interface via URL path and HTTP POST parameter...

3.5CVSS5.1AI score0.05424EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2019/03/20 8:3 p.m.30 views

CVE-2019-7438

cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter...

6.2AI score0.03991EPSS
Exploits5References4
exploitpack
exploitpack
added 2019/03/04 12:0 a.m.74 views

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Exploit Title: Fiberhome AN5506-04-F - Stored Cross Site Scripting Date: 04.03.2019 Exploit Author: Tauco Vendor Homepage: http://www.fiberhomegroup.com/en/ Version: RP2669 Tested on: Windows 10 CVE : CVE-2019-9556 Description:...

3.5CVSS5.4AI score0.01122EPSS
Exploits5
CNVD
CNVD
added 2019/02/20 12:0 a.m.1 views

File inclusion vulnerability in BlueCMS us***.php9 page

BlueCMS is a free professional local portal system developed by open source combination PHP + MYSQL, focusing on local portal CMS. A file inclusion vulnerability exists in the BlueCMS us.php9 page. A remote attacker can construct a payload with the parameter $POST'pay' in the script and utilize t...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2019/02/02 12:0 a.m.498 views

SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting

Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6 hotfix 3 Overview The Serv-U FTP Server is vulnerable to a...

5.3AI score0.05424EPSS
Exploits3
0day.today
0day.today
added 2019/02/02 12:0 a.m.69 views

SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6...

5.7AI score0.05424EPSS
Exploits3
OSV
OSV
added 2019/01/03 7:29 p.m.12 views

CVE-2018-19995

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to user/card.php...

5.4CVSS5AI score0.01114EPSS
Exploits0References2
OSV
OSV
added 2019/01/03 7:29 p.m.12 views

CVE-2018-19992

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...

5.4CVSS5AI score0.01075EPSS
Exploits0References1
NVD
NVD
added 2019/01/03 7:29 p.m.23 views

CVE-2018-19992

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...

5.4CVSS5AI score0.01075EPSS
Exploits0References1
Prion
Prion
added 2019/01/03 7:29 p.m.14 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...

3.5CVSS5AI score0.01075EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/01/03 7:0 p.m.27 views

CVE-2018-19992

A stored cross-site scripting XSS vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" POST or "town" POST parameter to adherents/type.php...

5.2AI score0.01075EPSS
Exploits0References1
NVD
NVD
added 2018/12/06 4:29 a.m.17 views

CVE-2018-19898

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

8.8CVSS9.1AI score0.01387EPSS
Exploits1References1
OSV
OSV
added 2018/12/06 4:29 a.m.17 views

CVE-2018-19898

ThinkCMF X2.2.2 has SQL Injection via the method editpost in ArticleController.class.php and is exploitable by normal authenticated users via the postid1 parameter in an article editpost action...

8.8CVSS8AI score
Exploits0References1
OSV
OSV
added 2018/12/04 5:29 p.m.3 views

CVE-2018-12307

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter...

8.8CVSS5.9AI score0.03443EPSS
Exploits1References1
NVD
NVD
added 2018/12/04 5:29 p.m.20 views

CVE-2018-12317

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter...

9CVSS9.2AI score0.03443EPSS
Exploits1References1
Prion
Prion
added 2018/12/04 5:29 p.m.18 views

Command injection

OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the "name" POST parameter...

9CVSS9.1AI score0.03443EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/12/04 5:0 p.m.13 views

CVE-2018-12317

OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter...

9.6AI score0.03443EPSS
Exploits1References1
Rows per page
Query Builder