Lucene search
K

64 matches found

WPVulnDB
WPVulnDB
added 2021/07/12 12:0 a.m.18 views

Page View Counts < 2.4.9 - Contributor+ Stored XSS

The plugin does not escape the postid parameter of pvcstats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in the frontend, however, higher privilege user...

3.5CVSS2.3AI score0.00624EPSS
Exploits2Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

BBlog 0.7.4 PostID Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13398/info bBlog is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...

7.1AI score
Exploits0
NVD
NVD
added 2012/11/19 12:10 p.m.20 views

CVE-2012-5919

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS5.8AI score0.01822EPSS
Exploits1References6
Prion
Prion
added 2012/11/19 12:10 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Havalite 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 find or 2 replace fields to havalite/findReplace.php; 3 username parameter to havalite/havalogin.php, 4 the Edit Article module, or 5 havapost.ph...

4.3CVSS6.1AI score0.01822EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2012/11/17 9:55 p.m.13 views

Sql injection

SQL injection vulnerability in havapost.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter...

7.5CVSS9AI score0.01119EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2011/10/07 10:55 a.m.18 views

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

7.5CVSS8.4AI score0.00929EPSS
Exploits1References2
Prion
Prion
added 2011/10/07 10:55 a.m.13 views

Sql injection

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

7.5CVSS9.1AI score0.00929EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2011/10/07 10:0 a.m.20 views

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

8.4AI score0.00929EPSS
Exploits1References2
NVD
NVD
added 2009/10/08 5:30 p.m.11 views

CVE-2009-3594

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

4.3CVSS5.7AI score0.01033EPSS
Exploits0References4
Prion
Prion
added 2009/10/08 5:30 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

4.3CVSS6.1AI score0.01033EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2009/10/08 5:0 p.m.20 views

CVE-2009-3594

Cross-site scripting XSS vulnerability in bpost.php in BLOB Blog System before 1.2 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

5.7AI score0.01033EPSS
Exploits0References4
NVD
NVD
added 2008/11/13 2:30 a.m.14 views

CVE-2008-5051

SQL injection vulnerability in the JooBlog comjb2 component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php...

7.5CVSS8.4AI score0.01014EPSS
Exploits1References5
Prion
Prion
added 2008/05/22 1:9 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in sendemail.php in AN Guestbook ANG 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

4.3CVSS6.1AI score0.01446EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/05/22 10:0 a.m.19 views

CVE-2008-2414

Cross-site scripting XSS vulnerability in sendemail.php in AN Guestbook ANG 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter...

5.7AI score0.01446EPSS
Exploits0References3
Prion
Prion
added 2008/04/08 5:5 p.m.15 views

Sql injection

SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter...

7.5CVSS9.1AI score0.01096EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2008/04/08 5:0 p.m.17 views

CVE-2008-1699

SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter...

8.4AI score0.01096EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2007/04/12 1:19 a.m.4 views

CVE-2007-1979

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the getblogidfrompostid function in class/PopnupBlogUtils.php. NOTE: later versions such as 3.03 and...

7.5CVSS6.4AI score0.02175EPSS
Exploits1References5
Prion
Prion
added 2007/03/20 10:19 a.m.14 views

Sql injection

SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter...

7.5CVSS9AI score0.02004EPSS
Exploits0References9Affected Software1
Prion
Prion
added 2006/04/06 10:4 a.m.17 views

Sql injection

SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter...

5.1CVSS9AI score0.0155EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2006/04/06 10:4 a.m.16 views

CVE-2006-1639

SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter...

5.1CVSS8.4AI score0.0155EPSS
Exploits0References9
Rows per page
Query Builder