Lucene search
K

6 matches found

Cvelist
Cvelist
added 2022/10/31 7:59 p.m.16 views

CVE-2022-41679 Cross-site scripting in Forma LMS version

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “backurl” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to...

4.7CVSS7AI score0.00454EPSS
Exploits0References1
Veracode
Veracode
added 2022/09/02 11:36 a.m.20 views

Cross-site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists because the FileExtensionWhiteList function in FileUpload.fnc.php does not restrict unsanitized SVG files from being injected, which allows an attacker to execute malicious javascript and steal...

5.4CVSS5.6AI score0.00767EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 12:1 a.m.22 views

Cross-site Scripting in facturascripts

Reflected cross-site scripting using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.08. This can lead to theft of a user's cookies, which in turn could lead to account takeover or do other malicious activities in a victim's browser...

9.4CVSS2.4AI score0.00709EPSS
Exploits1References4Affected Software1
Huntr
Huntr
added 2022/02/20 5:21 a.m.48 views

Insertion of Sensitive Information Into Debugging Code

Description Laravel debug mode exposes sensitive data, eg: internal source codes, stack traces, sql queries, databases names, tables names, user's cookies, email, phone number, username, laravel version, php version, etc Proof of Concept 1. Login into http://demo.microweber.org 2. Navigate to thi...

4CVSS0.6AI score0.01376EPSS
Exploits1
CNVD
CNVD
added 2021/06/12 12:0 a.m.10 views

Stored XSS Vulnerability in the Open Source Version of Mad God's Little Community

Mad God's small community open source version is a Springboot-based open source community management system . Mad God's small community open source version of the existence of stored XSS vulnerability , an attacker can use the vulnerability to obtain the user's cookie information...

5.6AI score
Exploits0
NVD
NVD
added 2020/11/27 6:15 p.m.16 views

CVE-2017-15686

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting XSS, which allows remote attackers to steal users’ cookies...

6.1CVSS6.2AI score0.01038EPSS
Exploits0References1
Rows per page
Query Builder