Lucene search
K

85 matches found

OSV
OSV
added 2024/08/20 12:15 a.m.13 views

CVE-2024-7936

A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferredreport.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely...

9.8CVSS6.5AI score0.00612EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/19 12:0 a.m.5 views

itsourcecode Project Expense Monitoring System SQL注入漏洞

itsourcecode Project Expense Monitoring System is a project expense monitoring system from itsourcecode, Inc. A SQL injection vulnerability exists in itsourcecode Project Expense Monitoring System version 1.0, which stems from operations on the parameters start/end/employee that result in SQL...

9.8CVSS7.1AI score0.00612EPSS
Exploits1References2
NVD
NVD
added 2024/08/06 11:16 a.m.28 views

CVE-2024-33980

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/printreport.php'...

7.1CVSS0.00267EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 11:16 a.m.5 views

CVE-2024-33981

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/index.php'...

6.1CVSS5.8AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 11:16 a.m.25 views

CVE-2024-33981

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/index.php'...

7.1CVSS0.00267EPSS
Exploits0References1
OSV
OSV
added 2024/08/06 11:16 a.m.6 views

CVE-2024-33980

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/printreport.php'...

6.1CVSS5.8AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 11:6 a.m.17 views

CVE-2024-33981 Cross-site Scripting in Janobe products

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/index.php'...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/06 11:5 a.m.16 views

CVE-2024-33980 Cross-site Scripting in Janobe products

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/printreport.php'...

7.1CVSS5.7AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/06 11:5 a.m.30 views

CVE-2024-33980 Cross-site Scripting in Janobe products

Cross-Site Scripting XSS vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/modreports/printreport.php'...

7.1CVSS0.00267EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.5 views

PT-2024-25613 · Paypal · Paypal

Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: A Cross-Site Scripting XSS issue allows an attacker to create a specially crafted URL and send it to a victim to obtain details of their session cookie via the start paramete...

7.1CVSS5.9AI score0.00267EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.5 views

PayPal,Credit Card and Debit Card Payment 跨站脚本漏洞

PayPal,Credit Card and Debit Card Payment is a PayPal, Credit Card and Debit Card Payment software by janobe Personal Developer. A cross-site scripting vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can create a specially crafted URL and send it to the...

7.1CVSS6.1AI score0.00267EPSS
Exploits0References2
Veracode
Veracode
added 2024/06/21 7:15 a.m.16 views

SQL Injection

silverstripe/framework is vulnerable to SQL injection. The vulnerability is due to the 'start' querystring parameter not being safely escaped, which exposes a possible SQL injection risk...

8.4AI score
Exploits0
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.7 views

HSC Cybersecurity HC Mailinspector 安全漏洞

HSC Cybersecurity HC Mailinspector is a cloud email security solution from HSC Cybersecurity. A security vulnerability exists in HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18. A remote attacker can exploit this vulnerability to obtain sensitive information about the start an...

4.3CVSS6.4AI score0.00927EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.6 views

PT-2024-24537 · Hsc Cybersecurity · Hc Mailinspector

Name of the Vulnerable Software and Affected Versions: HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 Description: The issue allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameters in the "mliWhiteList.php" component...

4.3CVSS6.8AI score0.00927EPSS
Exploits2References7
CNNVD
CNNVD
added 2024/04/25 12:0 a.m.4 views

Vyper 安全漏洞

Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper 0.3.10 and earlier versions, which stems from when the buffer parameters are msg.data, self.code, .code, start, length...

5.3CVSS7AI score0.00451EPSS
Exploits0References2
OSV
OSV
added 2023/11/07 3:15 p.m.8 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

9.8CVSS5.8AI score0.00738EPSS
Exploits1References1
Prion
Prion
added 2023/11/07 3:15 p.m.13 views

Sql injection

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php...

7.5CVSS8.2AI score0.00738EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/11/07 12:0 a.m.35 views

CVE-2023-33481

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection in the 'start' parameter of patients/index.php. The issue stems from improper handling of user input in that endpoint, enabling an attacker to infer data via time-based responses. Impact is described as high/confidentiality, integ...

9.8CVSS9.7AI score0.00738EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.5 views

Saad Irfan RemoteClinic Security Vulnerability

Saad Irfan RemoteClinic is a Saad Irfan open source application. Provides the ability to remotely manage your clinic via the Web. A security vulnerability exists in Saad Irfan RemoteClinic version 2.0, which stems from a SQL injection vulnerability in the parameter start of the file...

9.8CVSS7.9AI score0.00738EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2023/07/11 12:0 a.m.10 views

The vulnerability of the WanDynamicIpV6CfgRpm component (/userRpm/WanDynamicIpV6CfgRpm.htm) in the TP-Link TL-WR940N router software allows a attacker to cause a service failure.

The vulnerability of the WanDynamicIpV6CfgRpm component /userRpm/WanDynamicIpV6CfgRpm.htm of the TP-Link TL-WR940N router software is related to the issue where an operation outside the buffer is performed when processing the ipStart parameter. Exploiting this vulnerability allows a remote attack...

9.9CVSS8AI score0.31733EPSS
Exploits4References5
Rows per page
Query Builder