Lucene search
+L

47473 matches found

OSV
OSV
added 2024/02/01 12:16 a.m.35 views

GHSA-8PJX-JJ86-J47P Grafana path traversal

Today we are releasing Grafana 8.3.1, 8.2.7, 8.1.8, 8.0.7. This patch release includes a high severity security fix that affects Grafana versions from v8.0.0-beta1 through v8.3.0. Release v8.3.1, only containing a security fix: - Download Grafana 8.3.1 - Release notes Release v8.2.7, only...

7.5CVSS8.2AI score0.88849EPSS
Exploits44References11
OSV
OSV
added 2023/12/15 11:15 a.m.4 views

CVE-2023-48484

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 11:15 a.m.7 views

CVE-2023-48486

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 11:15 a.m.4 views

CVE-2023-48482

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting DOM-based XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2023/12/07 5:15 a.m.5 views

CVE-2023-28017

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal...

5.4CVSS5.9AI score0.00414EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.315 views

mooSocial 3.1.8 - Reflected XSS

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173...

6.1CVSS6.3AI score0.03336EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/07 12:0 a.m.312 views

mooSocial 3.1.8 Cross Site Scripting

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173 Greetings...

7.1AI score0.03336EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.468 views

PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Version: 1.0 Tested on: Windows 10 Pro Impact:...

6.1CVSS7AI score0.05177EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/03 12:0 a.m.281 views

PHPJabbers Shuttle Booking Software 1.0 Cross Site Scripting

Exploit Title: PHPJabbers Shuttle Booking Software 1.0 - Reflected XSS Exploit Author: CraCkEr Date: 20/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/shuttle-booking-software/ Tested on: Windows 10 Pro Impact: Manipulate the...

7.1AI score0.05177EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.238 views

Insurance 1.2 Cross Site Scripting

Exploit Title: Insurance 1.2 - Reflected XSS Exploit Author: CraCkEr Date: 16/07/2023 Vendor: phpscriptpoint Vendor Homepage: https://phpscriptpoint.com/ Software Link: https://demo.phpscriptpoint.com/insurance/ Tested on: Windows 10 Pro Impact: Manipulate the content of the site Description The...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/06/20 12:0 a.m.280 views

Groomify 1.0 SQL Injection

Exploit Title: Groomify v1.0 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2023/06/19 12:0 a.m.329 views

Groomify v1.0 - SQL Injection

Exploit Title: Groomify v1.0 - SQL Injection Date: 2023-06-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...

7.4AI score
Exploits0
OSV
OSV
added 2023/06/15 7:15 p.m.5 views

CVE-2023-29322

Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.00489EPSS
Exploits0References1
0day.today
0day.today
added 2023/04/06 12:0 a.m.269 views

Music Gallery Site v1.0 - SQL Injection Vulnerability (3)

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested on: Windows 11 SQL...

8.8CVSS8.8AI score0.01741EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/04/06 12:0 a.m.280 views

Music Gallery Site v1.0 - SQL Injection on page Master.php

Exploit Title: Music Gallery Site v1.0 - SQL Injection on page Master.php Exploit Author: Muhammad Navaid Zafar Ansari Date: 21 February 2023 CVE Assigned: CVE-2023-0962 mitre.org nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Music Gallery Site Version: v 1.0 Tested...

8.8CVSS8.8AI score0.01741EPSS
Exploits5
Prion
Prion
added 2023/03/15 11:15 p.m.21 views

Remote code execution

Array Networks Array AG Series and vxAG 9.4.0.481 and earlier allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09...

7.5CVSS9.5AI score0.67645EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2023/02/27 6:52 a.m.99 views

U.S. Dept Of Defense: DoS at █████(CVE-2018-6389)

A vulnerability in WordPress allowed unauthenticated attackers to launch a denial of service attack by listing a large number of registered .js files from wp-includes/script-loader.php. The vulnerability was assigned CVE-2018-6389. Attackers could use this function to deplete server resources and...

7.5CVSS7.3AI score0.73098EPSS
Exploits11
Hacker One
Hacker One
added 2023/01/14 6:46 a.m.41 views

Brave Software: S3 Bucket Takeover "brave-browser-rpm-staging-release-test"

An unclaimed S3 bucket was found on the domain hosting services of brave.com, which could have been taken over by an attacker to spread malware using the keyrings of the brave browser. The bucket was used to get keyrings of the browser in Linux distros, and it was pointing towards an unclaimed S3...

7.1AI score
Exploits0
OSV
OSV
added 2022/12/19 8:15 p.m.6 views

CVE-2022-42345

Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.7AI score0.0048EPSS
Exploits0References1
Hacker One
Hacker One
added 2022/11/03 6:18 p.m.207 views

XVIDEOS: Self-XSS on Suggest Tag dialog box

Summary: Stored cross-site scripting arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. vulnerable URL : https://www.xvideos.com/video57921571/friendb.ifd. Vulnerability Description : Application have a add ta...

5.3AI score
Exploits0
Rows per page
Query Builder