Lucene search
+L

38 matches found

CVE
CVE
added 2026/02/18 1:12 p.m.16 views

CVE-2026-1437

Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/18 1:12 p.m.4 views

CVE-2026-1437 Reflected Cross-Site Scripting (XSS) vulnerability in Graylog Web Interface

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS6.3AI score0.00204EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

Graylog Web Interface 跨站脚本漏洞

The Graylog Web Interface is a web interface provided by the American company Graylog. Version 2.2.3 of the Graylog Web Interface contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of HTML output, which could allow arbitrary JavaScri...

6.1CVSS5.8AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20393

Reflected Cross-Site Scripting XSS vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...

5.3CVSS6.1AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/14 12:0 a.m.5 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open source CRM solution for small and medium-sized businesses from Webkul India. A security vulnerability exists in Webkul Krayin CRM version 2.1.0 and prior versions, which originates in the file /admin/settings/users/edit that is vulnerable to cross-site scripti...

5.4CVSS4.3AI score0.00383EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.3 views

CVE-2022-30820

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "usersedit.php" file...

8.8CVSS5.9AI score0.01099EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/02 2:15 p.m.10 views

CVE-2022-30829

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...

7.2CVSS5.9AI score0.00945EPSS
Exploits1References2
OSV
OSV
added 2022/06/02 2:15 p.m.6 views

CVE-2022-30829

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\usersedit.php...

7.2CVSS7.1AI score0.00945EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.6 views

Wedding Management System SQL注入漏洞

Wedding Management System is a wedding planning management system by John Paul Lim Gabule, a personal developer. version 1.0 of Wedding Management System is vulnerable to SQL injection, which stems from a lack of validation of external input on the admin/usersedit.php page. SQL statement...

7.2CVSS6.1AI score0.00945EPSS
Exploits1References2
NVD
NVD
added 2020/06/04 7:15 p.m.18 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...

8.8CVSS9AI score0.02018EPSS
Exploits3References3
OSV
OSV
added 2020/06/04 7:15 p.m.10 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...

8.8CVSS7.3AI score0.02018EPSS
Exploits3References3
CVE
CVE
added 2020/06/04 6:31 p.m.63 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation via Adminstrator/Users/Edit/:UserId, where requests aren’t checked for admin authority, enabling a normal user to add roles and gain administrator privileges. The issue is fixed in v1.0.1 per linked disclosures; CVSS data in sources ...

8.8CVSS8.9AI score0.02018EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2020/06/04 6:31 p.m.20 views

CVE-2020-11679

Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by adding additional...

9AI score0.02018EPSS
Exploits3References3
CNVD
CNVD
added 2018/07/02 12:0 a.m.6 views

WSTMall Cross-Site Request Forgery Vulnerability

WSTMall is an open source O2O e-commerce system developed using ThinkPHP framework and supporting multiple users. A cross-site request forgery vulnerability exists in WSTMall version 1.9.1170316. A remote attacker can add user accounts with the help of index.php?m=Admin&c=Users&a=edit URI to...

8.8CVSS8.9AI score0.00517EPSS
Exploits1References1
OSV
OSV
added 2018/06/29 2:29 p.m.3 views

CVE-2018-13010

WSTMall v1.9.1170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account...

8.8CVSS5.8AI score0.00517EPSS
Exploits1References1
CNVD
CNVD
added 2015/06/10 12:0 a.m.69 views

ISPConfig '/admin/users_edit.php' cross-site request forgery vulnerability

ISPConfig is a set of Linux-based open source hosting control panel, it can be used through the Web control panel to manage multiple servers, open a Web site, monitor server operating conditions and so on. ISPConfig suffers from a cross-site request forgery vulnerability that allows remote...

6.8CVSS7AI score0.0126EPSS
Exploits6References1
exploitpack
exploitpack
added 2008/11/26 12:0 a.m.43 views

CMS Ortus 1.13 - SQL Injection

CMS Ortus 1.13 - SQL Injection Author: otmorozok428, http://forum.antichat.ru Products: CMS Ortus 1.12, CMS Ortus 1.13 Vendor: http://ortus.nirn.ru Download: http://ortus.nirn.ru/files/ortus1-12.zip, http://ortus.nirn.ru/files/ortus1-13.zip Dork for ALL Versions of CMS Ortus:...

0.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2004/08/30 12:0 a.m.7 views

PT-2004-2553 · Unknown · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protect affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL statements and bypass authentication. This can be achieved through various parameters and files, including 1 admin or Pas...

7.5CVSS7.6AI score0.0124EPSS
Exploits1References7
Rows per page
Query Builder