Lucene search
K

229818 matches found

Nuclei
Nuclei
added 19 hours ago44 views

PrestaShop 'possearchproducts' <= 1.7 - SQL Injection

In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...

9.8CVSS7AI score0.02678EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago43 views

microweber 1.2.18 - Cross-site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber prior to 1.2.18. id: CVE-2022-2174 info: name: microweber 1.2.18 - Cross-site Scripting author: r3Y3r53 severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository microweber/microweber...

6.5CVSS6.6AI score0.02811EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago38 views

Microweber <1.2.11 - Information Disclosure

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from loadmodule:commentssearch=. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.4CVSS7.1AI score0.06923EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago89 views

Microweber < 1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax. id: CVE-2022-0928 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: |...

6.8CVSS6.6AI score0.02389EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago143 views

PrestaShop tshirtecommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27640 info: name: PrestaShop tshirtecommerce...

7.5CVSS7AI score0.03573EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago122 views

WBCE 1.6.0 - SQL Injection

There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajaxdeletemessage.php" there is no authentication check. On line 40...

9.8CVSS7AI score0.06096EPSS
Exploits3References3
Nuclei
Nuclei
added 19 hours ago129 views

PrestaShop TshirteCommerce - Directory Traversal

The Custom Product Designer tshirtecommerce module for PrestaShop allows HTTP requests to be forged using POST and GET parameters, enabling a remote attacker to perform directory traversal on the system and view the contents of code files. id: CVE-2023-27639 info: name: PrestaShop TshirteCommerce...

7.5CVSS7AI score0.03551EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago33 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add Page function at /index.php?module=helppages/pages&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title fiel...

5.4CVSS6.4AI score0.01046EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago53 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Field function at /index.php?module=entities/fields&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name...

5.4CVSS6.3AI score0.00937EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago93 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...

5.4CVSS6.3AI score0.00903EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago80 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypes&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

5.4CVSS6.4AI score0.00961EPSS
Exploits1References4
Nuclei
Nuclei
added 19 hours ago89 views

PrestaShop Responsive Mega Menu Module - Remote Code Execution

The 'Responsive Mega Menu' module for PrestaShop is prone to a remote code execution and SQL injection vulnerability. modules/bamegamenu/ajaxphpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop allows remote attackers to execute an SQL injection or...

9.8CVSS7.5AI score0.51572EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago47 views

PrestaShop fieldpopupnewsletter Module - Cross Site Scripting

Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting XSS vulnerability via the callback parameter at ajax.php. id: CVE-2023-39676 info: name: PrestaShop fieldpopupnewsletter Module - Cross Site Scripting author: meme-lord severity: medium...

6.1CVSS6.4AI score0.01343EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago35 views

SecurePoint UTM 12.x Session ID Leak

An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. id:...

7.5CVSS7AI score0.03888EPSS
Exploits4References5
Nuclei
Nuclei
added 19 hours ago52 views

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting XSS vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

5.4CVSS6.3AI score0.00874EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago53 views

Rukovoditel <= 3.2.1 - Cross-Site Scripting

A stored cross-site scripting XSS vulnerability in the Global Lists feature /index.php?module=globallists/lists of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". id:...

5.4CVSS6.8AI score0.00961EPSS
Exploits1References3
Nuclei
Nuclei
added 19 hours ago35 views

Microweber <1.2.15 - Cross-Site Scripting

Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch oth...

6.3CVSS6.8AI score0.0327EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago38 views

Clansphere CMS 2011.4 - Cross-Site Scripting

Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via the "language" parameter. id: CVE-2021-27310 info: name: Clansphere CMS 2011.4 - Cross-Site Scripting author: alph4byt3 severity: medium description: Clansphere CMS 2011.4 contains an unauthenticate...

6.1CVSS6.4AI score0.02816EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago60 views

PrestaShop 1.7.7.0 - SQL Injection

PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade idproducts parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.20695EPSS
Exploits1References5
Nuclei
Nuclei
added 19 hours ago65 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.6AI score0.02907EPSS
Exploits1References2
Rows per page
Query Builder