CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple cross-site request forgery CSRF and cross-site scripting XSS vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 add an administrator account via an addnew action to admin/administratorsadd.php; or 2 conduct...

8.8CVSS8.6AI score0.0069EPSS

Exploits6References2

Prion•added 2018/12/28 4:29 p.m.•11 views

Design/Logic Flaw

An issue was discovered in DouCo DouPHP 1.5 20181221. admin/system.php?rec=update has XSS via the sitename parameter...

3.5CVSS4.8AI score0.00235EPSS

Exploits1References1Affected Software1

NVD•added 2018/10/19 10:29 p.m.•8 views

CVE-2018-18416

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

4.8CVSS5AI score0.00222EPSS

Exploits6References2

Prion•added 2018/10/19 10:29 p.m.•8 views

Cross site scripting

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

3.5CVSS4.8AI score0.00222EPSS

Exploits6References2Affected Software1

Cvelist•added 2018/10/19 10:0 p.m.•11 views

CVE-2018-18416

LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...

4.9AI score0.00222EPSS

Exploits6References2

Prion•added 2018/04/26 2:29 p.m.•7 views

Design/Logic Flaw

Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...

3.5CVSS4.8AI score0.00287EPSS

Exploits1References1Affected Software1

OSV•added 2018/04/26 2:29 p.m.•15 views

CVE-2018-6518

Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...

4.8CVSS5.8AI score

Exploits0References1

CNVD•added 2017/10/17 12:0 a.m.•2 views

WordPress Profile Builder Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Profile Builder is one of the profile release plugin . A cross-site scripting vulnerability exists in the...

6.1CVSS5.9AI score0.00152EPSS

Exploits1References1

CNVD•added 2017/08/31 12:0 a.m.•1 views

Fiyo CMS Cross-Site Scripting Vulnerability (CNVD-2017-24320)

Fiyo CMS is a content management system CMS for creating CMS templates. A cross-site scripting vulnerability exists in the dapur\apps\appconfig\sysconfig.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of th...

6.1CVSS5.9AI score0.00223EPSS

Exploits0References1

NVD•added 2017/08/30 9:29 a.m.•10 views

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...

6.1CVSS6AI score0.00223EPSS

Exploits0References1

Cvelist•added 2017/08/30 9:0 a.m.•10 views

CVE-2017-13778

Fiyo CMS 2.0.7 has XSS in dapur\apps\appconfig\sysconfig.php via the sitename parameter...

6.1AI score0.00223EPSS

Exploits0References1

CNVD•added 2015/01/08 12:0 a.m.•1 views

Multiple Cross-Site Scripting Vulnerabilities in poMMo Aardvark

poMMo Aardvark is a PHP-based mass mailing software. poMMo Aardvark PR16.1 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to send mass emails via 1 the referer parameter to index.php, 2 the sitename parameter to admin/setup/config/general.php, 3 the groupna...

4.3CVSS6.4AI score0.00225EPSS

Exploits1References1

NVD•added 2014/03/14 3:55 p.m.•12 views

CVE-2013-0297

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 sitename or 2 siteurl parameter to apps/external/ajax/setsites.php...

3.5CVSS5.4AI score0.00224EPSS

Exploits0References1

UbuntuCve•added 2014/03/14 3:55 p.m.•18 views

CVE-2013-0297

3.5CVSS5.9AI score0.00224EPSS

Exploits0References2

Prion•added 2011/12/08 7:55 p.m.•10 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the 1 SITENAME parameter to adminindex.php, or the 2 return and 3 search parameters to index.php. NOTE: some of these details a...

4.3CVSS6.2AI score0.07844EPSS

Exploits2References7Affected Software2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by