Lucene search
K

13 matches found

Prion
Prion
added 2024/02/12 4:15 p.m.10 views

Cross site request forgery (csrf)

The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6AI score0.00199EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/13 12:0 a.m.31 views

CVE-2023-50072

A Stored Cross-Site Scripting XSS vulnerability exists in OpenKM version 7.1.40 dbb6e88 With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS...

5.2AI score0.00618EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/06/01 4:34 p.m.46 views

CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework CVE-2019-8331 and build a stored cross-site scripting XSS payload...

5.4CVSS6AI score0.0035EPSS
Exploits0References2
wpexploit
wpexploit
added 2023/04/18 12:0 a.m.140 views

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. In the "Enter the URL: field, add the XSS payloa...

4.8CVSS7.8AI score0.00824EPSS
Exploits2
CVE
CVE
added 2020/09/17 7:49 p.m.81 views

CVE-2020-13260

The CVE-2020-13260 entry concerns RAD SecFlow-1v web-based management interface (SF_0290_2.3.01.26). A vulnerability allows an authenticated attacker to upload a JavaScript file as a stored XSS payload, which is saved in the system as an OVPN config or a static key file. The payload executes when...

6.1CVSS6.8AI score0.01982EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2020/09/17 7:49 p.m.76 views

CVE-2020-13260

A vulnerability in the web-based management interface of RAD SecFlow-1v through 2020-05-21 could allow an authenticated attacker to upload a JavaScript file, with a stored XSS payload, that will remain stored in the system as an OVPN file in Configuration-Services-Security-OpenVPN-Config or as th...

7AI score0.01982EPSS
Exploits5References3
OSV
OSV
added 2019/10/24 6:15 p.m.18 views

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

8.8CVSS6AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2019/10/24 6:15 p.m.17 views

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

8.8CVSS7.2AI score0.01115EPSS
Exploits6References8
Debian CVE
Debian CVE
added 2019/10/24 5:9 p.m.26 views

CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

8.8CVSS8.5AI score0.01115EPSS
Exploits6
Veracode
Veracode
added 2019/09/30 3:22 a.m.27 views

Session Token In URL

PhpBB sends the session token via a GET parameter in the URL. Due to the way phpbb works, having the session ID is not enough for a remote attacker to gain access to the application since the session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...

6.5CVSS1.8AI score0.00678EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2019/09/03 6:14 a.m.31 views

CVE-2019-15858

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution...

8.9AI score0.20813EPSS
Exploits2References2
exploitpack
exploitpack
added 2016/10/13 12:0 a.m.17 views

Colorful Blog - Persistent Cross-Site Scripting

Colorful Blog - Persistent Cross-Site Scripting Exploit Title : ----------- : Colorful Blog - Stored Cross Site Scripting Author : ----------------- : Besim Google Dork : --------- : - Date : -------------------- : 13/10/2016 Type : -------------------- : webapps Platform : --------------- : PHP...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2016/10/12 12:0 a.m.16 views

ApPHP MicroCMS 3.9.5 - Persistent Cross-Site Scripting

ApPHP MicroCMS 3.9.5 - Persistent Cross-Site Scripting Exploit Title :----------------- : ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting Author :------------------------ : Besim Google Dork :---------------- : - Date :-------------------------- : 12/10/2016 Type :-------------------------- :...

6.8AI score
Exploits0
Rows per page
Query Builder