Lucene search
+L

4 matches found

osv
osv
added 2026/01/13 10:52 p.m.6 views

CVE-2023-54341 Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) via file Parameter

Webgrind 1.1 and before contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts via the file parameter in index.php. The application does not sufficiently encode user-controlled inputs, allowing attackers to execute arbitrary...

5.1CVSS6AI score0.003EPSS
Exploits1References5
redhatcve
redhatcve
added 2025/05/22 2:56 a.m.9 views

CVE-2018-12909

Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem that the webserver user has access to via an index.php?op=fileviewer= URI. NOTE: the vendor indicates that the product is not intended for a "publicly accessible environment...

7.8CVSS6.7AI score0.18568EPSS
Exploits0References1
cvelist
cvelist
added 2012/03/19 6:0 p.m.26 views

CVE-2012-1790

Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php...

6.7AI score0.05188EPSS
Exploits2References5
exploitdb
exploitdb
added 2012/02/25 12:0 a.m.30 views

webgrind 1.0 - 'file' Local File Inclusion

webgrind 1.0 file param Local File Inclusion Vulnerability Vendor: Joakim Nygard and Jacob Oettinger Product web page: http://code.google.com/p/webgrind Affected version: 1.0 v1.02 in trunk on github Summary: Webgrind is an Xdebug profiling web frontend in PHP5. Desc: webgrind suffers from a file...

7.4AI score
Exploits0
Rows per page
Query Builder