11 matches found

RedhatCVE
added 2025/05/22 4:9 p.m., 8 views

CVE-2020-11457

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user...

5.4 CVSS, 5.8 AI score, 0.09282 EPSS
Exploits 3, References 1

OSV
added 2023/11/10 2:43 p.m., 20 views

CVE-2023-45806 Discourse vulnerable to DoS via Regexp Injection in Full Name

Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, if a user has been quoted and uses a | in their full name, they might be able to trigger a bug that generates a lot of duplicat...

4.3 CVSS, 5.4 AI score, 0.00999 EPSS
Exploits 0, References 5

Prion
added 2023/04/16 3:15 a.m., 13 views

Design/Logic Flaw

ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting...

5 CVSS, 5.1 AI score, 0.03543 EPSS
Exploits 4, References 1, Affected Software 1

NVD
added 2023/03/17 5:15 p.m., 13 views

CVE-2023-25172

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, a maliciously crafted URL can be included in a user's full name field to carry out cross-site scripting attacks on sites with a disabled o...

5.4 CVSS, 4.7 AI score, 0.00451 EPSS
Exploits 0, References 5

CNVD
added 2017/07/18 12:0 a.m., 3 views

Moodle Information Disclosure Vulnerability (CNVD-2017-24411)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. The vulnerability can be...

6.5 CVSS, 6.3 AI score, 0.01101 EPSS
Exploits 0, References 1

OSV
added 2017/07/17 5:29 p.m., 3 views

UBUNTU-CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page...

6.5 CVSS, 6.6 AI score, 0.01101 EPSS
Exploits 0, References 3

Tenable Nessus
added 2017/05/09 12:0 a.m., 10 views

User Full Name Detection via SMTP

Binary data 7273.pasl...

7.3 AI score
Exploits 0

NVD
added 2014/04/11 2:55 p.m., 14 views

CVE-2013-4795

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name...

4.3 CVSS, 5.7 AI score, 0.01379 EPSS
Exploits 0, References 8

Prion
added 2014/04/11 2:55 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name...

4.3 CVSS, 6.1 AI score, 0.01379 EPSS
Exploits 0, References 8, Affected Software 1

Cvelist
added 2014/04/11 2:0 p.m., 19 views

CVE-2013-4795

Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user full name...

5.7 AI score, 0.01379 EPSS
Exploits 0, References 8

Cvelist
added 2009/02/17 5:0 p.m., 18 views

CVE-2009-0359

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name...

5.4 AI score, 0.01019 EPSS
Exploits 1, References 6