12 matches found
Orangescrum Cross-Site Scripting Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
CVE-2021-47716
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47716
Orangescrum 1.8.0 is affected by multiple cross-site scripting (XSS) vulnerabilities exposed via authenticated endpoints. The issue arises from insufficient validation of inputs such as projid, CS_message, and name, allowing an attacker to inject arbitrary JavaScript into victims’ browsers by sub...
OrangeScrum Cross-Site Scripting Vulnerability
Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. A cross-site scripting vulnerability exists in Orangescrum, which stems from insufficient validation of parameter inputs such as projid, CSmessage, and...
PHP Scripts Mall Kickstarter Clone Script SQL Injection Vulnerability
PHP Scripts Mall Kickstarter Clone Script is a set of PHP based scripts for crowdfunding websites by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Kickstarter Clone Script version 2.0. A remote attacker can exploit the vulnerability by sending the 'projid'...
CVE-2017-17618
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter...
SQL injection
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter...
CVE-2017-17618
Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter...
CVE-2017-17618
CVE-2017-17618 affects Kickstarter Clone Script 2.0 and is a SQL Injection vulnerability in investcalc.php via the projid parameter. Public records describe injection as the root cause, with high impact (C/H/I/A) per CVSS v3.0 (9.8) and CVSS v2.0 (7.5). Exploitation is documented (exploit-db link...
CVE-2007-2819
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter...
CVE-2007-2819
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter...