Lucene search
K

11 matches found

Nuclei
Nuclei
added 11 hours ago102 views

Wing FTP 6.4.4 - Cross-Site Scripting

Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser. id: CVE-2020-27735 info: name: Wing FTP...

6.1CVSS6.5AI score0.05626EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago99 views

WordPress All-in-One WP Migration <=7.62 - Cross-Site Scripting

WordPress All-in-One WP Migration plugin 7.62 and prior contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials a...

4.7CVSS6.1AI score0.01204EPSS
Exploits3References5
Nuclei
Nuclei
added 11 hours ago68 views

Reprise License Manager 14.2 - Cross-Site Scripting

Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...

6.1CVSS6.4AI score0.03241EPSS
Exploits3References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.10 views

CVE-2020-5270

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cau...

6.1CVSS5.8AI score0.00812EPSS
Exploits0
Hacker One
Hacker One
added 2022/09/21 4:13 p.m.26 views

Yelp: CORS Misconfiguration on Yelp

Entry An cross-origin resource sharing CORS policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2021/02/14 2:53 a.m.42 views

U.S. Dept Of Defense: Reflected XSS on https://█████

Summary: Reflected xss can use to steal user information because it is coming from trusted website. an user can easily trust it and attacker can easily steal user information Steps To Reproduce: 1. go to https://████?profileid=%22%3E%3C/script%3E%3Cscript%3Ealert%27xss%27%3C/script%3E 2. you will...

0.6AI score
Exploits0
NVD
NVD
added 2020/11/11 10:15 p.m.14 views

CVE-2020-26219

touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection...

6.1CVSS4.8AI score0.00608EPSS
Exploits0References1
Prion
Prion
added 2020/11/11 10:15 p.m.19 views

Open redirect

touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection...

5.8CVSS5.8AI score0.00608EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/04/20 5:15 p.m.19 views

Open redirect

In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cau...

5.8CVSS5.8AI score0.00812EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2018/05/03 12:0 a.m.45 views

Flexense Disksavvy 10.7 Cross Site Scripting

Description: URL: localhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense Disksavvy Version: from v10.4 to v10.7. Attack Type: Remote Impact: This attack allows an attacker co...

0.2AI score0.00705EPSS
Exploits1
Exploit DB
Exploit DB
added 2005/04/08 12:0 a.m.35 views

PostNuke Phoenix 0.760 RC3 - &#039;SID&#039; SQL Injection

source: https://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL...

7.4AI score
Exploits0
Rows per page
Query Builder