Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-3209

Malware in sbrugna...

6.8CVSS6.2AI score0.01531EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2025/05/22 6:3 a.m.7 views

CVE-2012-3232

Cross-site scripting XSS vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the texttitle parameter...

4.3CVSS5.8AI score0.01298EPSS
Exploits3References1
Prion
Prion
added 2012/06/29 5:55 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the texttitle parameter...

4.3CVSS6.1AI score0.01298EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2012/06/29 5:0 p.m.37 views

CVE-2012-3232

The CVE-2012-3232 entry relates to web@all 2.0. Affected component: search.php; vulnerability types: CSRF (CVE-2012-3231) and XSS (CVE-2012-3232). Root cause: input passed via the GET parameter _text[title] is not properly sanitized, allowing an attacker to inject arbitrary HTML/script in the use...

4.3CVSS5.8AI score0.01298EPSS
Exploits3References2Affected Software1
Prion
Prion
added 2012/06/27 10:55 p.m.16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary...

6.8CVSS8.5AI score0.01531EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2012/06/27 10:0 p.m.38 views

CVE-2012-3231

CVE-2012-3231 affects web@all 2.0. The CSRF vulnerability resides in actions performed via HTTP requests to inc/browser/action.php (do_addfile), allowing an authenticated administrator to add, delete, or modify sensitive data. A PoC demonstrates how an attacker could forge a request to create an ...

6.8CVSS8.1AI score0.01531EPSS
Exploits3References2Affected Software1
Packet Storm
Packet Storm
added 2012/06/21 12:0 a.m.52 views

Web@All 2.0 Cross Site Request Forgery / Cross Site Scripting

Advisory ID: HTB23094 Product: web@all Vendor: webatall.org Vulnerable Versions: 2.0 downloaded before 30th of May 2012; prior versions may also be vulnerable Tested Version: 2.0 downloaded on 25th of May 2012 Vendor Notification: 30 May 2012 Vendor Patch: 30 May 2012 Public Disclosure: 20 June...

6.8CVSS0.1AI score0.01531EPSS
Exploits4
Rows per page
Query Builder