CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2024/03/06 11:9 a.m.•10 views

BIT-SUITECRM-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...

8.8CVSS9AI score0.13282EPSS

Exploits2References4

Github Security Blog•added 2022/08/13 12:0 a.m.•16 views

ForkCMS stored XSS via `start_date` parameter

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the startdate Parameter. This issue was patched in version 5.11.0...

4.8CVSS4.9AI score0.0023EPSS

Exploits1References4Affected Software1

OSV•added 2022/08/13 12:0 a.m.•10 views

GHSA-9HMC-87H4-W869 ForkCMS stored XSS via `start_date` parameter

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the startdate Parameter. This issue was patched in version 5.11.0...

4.8CVSS4.8AI score0.0023EPSS

Exploits1References4

OSV•added 2022/08/12 4:15 p.m.•14 views

CVE-2022-35585

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter...

4.8CVSS4.9AI score

Exploits0References1

NVD•added 2022/08/12 4:15 p.m.•9 views

CVE-2022-35585

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter...

4.8CVSS0.0023EPSS

Exploits1References1

NVD•added 2021/12/19 9:15 a.m.•11 views

CVE-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...

8.8CVSS0.13282EPSS

Exploits2References3

OSV•added 2021/12/19 9:15 a.m.•13 views

CVE-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...

8.8CVSS7.8AI score0.13282EPSS

Exploits2References3

Cvelist•added 2021/12/19 8:34 a.m.•12 views

CVE-2021-45041

SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resourceid and startdate...

9.3AI score0.13282EPSS

Exploits2References3

NVD•added 2018/09/28 12:29 a.m.•12 views

CVE-2018-17380

SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the startdate, mstartdate, or menddate parameter...

9.8CVSS9.9AI score0.02512EPSS

Exploits5References2

Metasploit•added 2011/10/26 6:6 p.m.•15 views

phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection

This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt software. This vulnerability is only exploitable when the magicquotesgpc PHP option is 'off'. Authentication is not required to exploit the bug. Version 1.2.10 and earlier of phpScheduleIt are affected. This module...

6.8CVSS7.7AI score0.77215EPSS

Exploits5

Cvelist•added 2009/02/13 6:0 p.m.•11 views

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...

7.6AI score0.77215EPSS

Exploits5References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by