Lucene search
+L

61 matches found

CNVD
CNVD
added 2025/07/14 12:0 a.m.7 views

WordPress Events Manager Plugin SQL Injection Vulnerability

WordPress Events Manager plugin is a full-featured event management tool that supports event registration, ticket sales, booking management and recurring event settings. The WordPress Events Manager plugin suffers from a SQL injection vulnerability that stems from the plugin's failure to adequate...

7.5CVSS7.6AI score0.55683EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.8 views

PT-2025-24524 · Unknown · Wc Myparcel Belgium

Name of the Vulnerable Software and Affected Versions: WC MyParcel Belgium versions 4.5.5 through beta Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...

7.1CVSS6.7AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.11 views

CVE-2023-47130

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

9.8CVSS7.5AI score0.03147EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:55 p.m.7 views

CVE-2020-25750

An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input $POST'xml' is used for simplexmlloadstring without sanitization. NOTE: This vulnerability only affects products...

7.5CVSS6.9AI score0.01145EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:22 a.m.10 views

CVE-2019-9094

A Reflected Cross Site Scripting XSS Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing JavaScript in the filename is echoed back in JavaScript code, which resulted in XSS...

6.1CVSS6AI score0.00822EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.5 views

CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

6.1CVSS6.5AI score0.01452EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/19 12:0 a.m.13 views

SAP Data Services Management Console Cross-Site Scripting Vulnerability

SAP Data Services Management Console is a console for managing and monitoring data services. A cross-site scripting vulnerability exists in SAP Data Services Management Console that stems from the system failing to adequately encode user-controlled input. An attacker could exploit the vulnerabili...

4.4CVSS6.2AI score0.0017EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.5 views

PT-2025-19739 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The variables exp dir1, np7, and f0method8 take user input and pass it into...

9.8CVSS6.8AI score0.02259EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.5 views

PT-2025-17170 · Unknown · Rtpharry Bulk Page Stub Creator

Name of the Vulnerable Software and Affected Versions: rtpHarry Bulk Page Stub Creator versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means an attacke...

7.1CVSS7.4AI score0.00257EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/04/10 12:0 a.m.14 views

Moodle < 3.9.20 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...

9.8CVSS7.5AI score0.01195EPSS
Exploits0References21
Vulnrichment
Vulnrichment
added 2025/04/08 7:10 a.m.7 views

CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...

4.7CVSS5.9AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-14431 · Unknown · The Logo Slider

Name of the Vulnerable Software and Affected Versions: The Logo Slider versions n/a through 1.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in The Logo Slider. Recommendations...

7.1CVSS7.1AI score0.00294EPSS
Exploits0References5
OSV
OSV
added 2025/03/20 10:9 a.m.4 views

CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...

5.4CVSS6.4AI score0.00491EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-31108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. A...

6.1CVSS6.2AI score0.00869EPSS
Exploits1References3
NVD
NVD
added 2025/02/24 6:15 p.m.24 views

CVE-2024-57026

TawkTo Widget Version = 1.3.7 is vulnerable to Cross Site Scripting XSS due to processing user input in a way that allows JavaScript execution...

6.1CVSS0.00398EPSS
Exploits1References1
Veracode
Veracode
added 2025/02/12 6:57 a.m.9 views

Cross-Site Scripting (XSS)

org.apache.felix, org.apache.felix.webconsole is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a user's browser...

6.1CVSS6.4AI score0.00669EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.6 views

PT-2025-5831 · Phpjabbers · Phpjabbers Cinema Booking System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0 Description: The issue concerns reflected cross-site scripting XSS, where multiple endpoints improperly handle user input. This allows malicious scripts to execute in a victim's browser. Attackers...

6.1CVSS8.7AI score0.00429EPSS
Exploits4References6
OSV
OSV
added 2025/02/05 7:29 a.m.9 views

BIT-SUPERSET-2021-28125 Apache Superset Open Redirect

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click...

6.1CVSS6.1AI score0.63768EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/02/05 12:0 a.m.376 views

PHPJabbers Cinema Booking System 2.0 Cross Site Scripting

PHPJabbers Cinema Booking System version 2.0 suffers from both reflective and persistent cross site scripting vulnerabilities. CVE-2024-57428 A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg,...

6.8AI score0.0073EPSS
Exploits6
OpenVAS
OpenVAS
added 2024/12/12 12:0 a.m.12 views

Huawei EulerOS: Security Advisory for cups (EulerOS-SA-2024-2963)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8AI score0.62474EPSS
Exploits6References2
Rows per page
Query Builder