Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/12 3:52 p.m.11 views

EUVD-2026-36502

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

5.3CVSS5.2AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2023/04/04 3:15 p.m.32 views

CVE-2020-20522

Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter...

6.1CVSS6.4AI score0.00565EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

KiteCMS 跨站脚本漏洞

KiteCMS is a website CMS. A security vulnerability exists in KiteCMS v.1.1. An attacker can exploit this vulnerability to execute arbitrary code via the registering user parameter...

6.1CVSS6.8AI score0.00565EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.5 views

PT-2023-11555 · Kitecms · Kitecms

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the registering user parameter. This enables the attacker to perform unauthorized actions on the system. Recommendations: For...

6.1CVSS7.5AI score0.00565EPSS
Exploits1References4
0day.today
0day.today
added 2008/09/10 12:0 a.m.28 views

Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit

Exploit for unknown platform in category web applications ============================================================== Wordpress 2.6.1 SQL Column Truncation Admin Takeover Exploit ============================================================== !/usr/bin/php =5.2.1 you'll need to be as well, in...

7.1AI score
Exploits0
Prion
Prion
added 2007/12/17 6:46 p.m.21 views

Code injection

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the 1 username, 2 password, and 3 email parameters when registering a user account, which can be executed by accessing the user's php file for this...

7.5CVSS7.8AI score0.02412EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder