Lucene search
+L

7 matches found

NVD
NVD
added 2026/05/21 6:16 p.m.18 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.44 views

CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 8:58 p.m.20 views

CVE-2026-44418

EcclesiaCRM (8.0.0 and earlier) is affected. The ValidateInput() function’s default case in the query view passes user-supplied POST parameters directly into SQL queries via str_replace without sanitization, enabling SQL injection through query parameters that use non-standard validation types. T...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.167 views

CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS0.1064EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 7:24 p.m.6 views

CVE-2021-24983

The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.00956EPSS
Exploits2References1
NVD
NVD
added 2021/08/23 12:15 p.m.23 views

CVE-2021-24556

The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...

6.1CVSS0.01344EPSS
Exploits2References2
0day.today
0day.today
added 2015/08/07 12:0 a.m.17 views

WordPress Copy Or Move Comments 1.0.0 Cross Site Scripting Vulnerability

WordPress Copy or Move Comments plugin version 1.0.0 suffers from a cross site scripting vulnerability. Title: WordPress 'Copy or Move Comments' Plugin Version: 1.0.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: -...

6.7AI score
Exploits0
Rows per page
Query Builder