Scriptegrator Plugin for Joomla! 'files[]' Parameter Remote File Include
The version of the Core Design Scriptegrator plugin for Joomla! running on the remote host is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'files[]' parameter before using it in the cdscriptegrator/libraries/highslide/js/jsloader.php...
7.3AI Score
0.016EPSS
CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......
6.3CVSS
7.1AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.3 (RHSA-2023:3420)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3420 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
8.1AI Score
0.004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.0 (RHSA-2022:7272)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7272 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7CVSS
7.2AI Score
0.002EPSS
7.4AI Score
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...
3.5CVSS
4.1AI Score
0.0004EPSS
CVE-2024-4907 Campcodes Complete Web-Based School Management System show_student2.php sql injection
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely......
6.3CVSS
7.5AI Score
0.0004EPSS
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....
6AI Score
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...
6.2AI Score
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Zend_Json_Encoder was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON...
6.3AI Score
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability....
7.5AI Score
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now...
6.2AI Score
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...
5.4CVSS
5.6AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of...
8.7CVSS
5.8AI Score
0.0004EPSS
libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. Notes Author| Note ---|--- jdstrand | golang-goyaml is a go translation of libyaml and shouldn't share...
6.6AI Score
0.0004EPSS
BIBLIOsoft BIBLIOpac 2008 - Cross-Site Scripting
BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or...
6.1CVSS
6AI Score
0.001EPSS
The YouTube Video Gallery by YouTube Showcase – Video Gallery Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the emd_form_builder_lite_submit_form function in all versions up to, and including, 3.3.6. This makes it.....
5.3CVSS
6.6AI Score
0.0005EPSS
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of...
8.7CVSS
8.2AI Score
0.0004EPSS
design-atelier.co.in Cross Site Scripting vulnerability OBB-3864663
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data,...
6.9AI Score
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.8.0 (RHSA-2024:1913)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1913 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.8AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.7 (RHSA-2023:7622)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7622 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
6.7AI Score
0.003EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.5 (RHSA-2023:5783)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5783 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.5CVSS
8.3AI Score
0.732EPSS
ACME mini_httpd <1.30 - Local File Inclusion
ACME mini_httpd before 1.30 is vulnerable to local file...
6.5CVSS
6.4AI Score
0.393EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /model/delete_student_grade_subject.php. The manipulation of the argument index leads to cross site scripting. It is possible...
3.5CVSS
6.2AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.1 (RHSA-2022:8917)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8917 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
9.8CVSS
10AI Score
0.106EPSS
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3.2 (RHSA-2020:3306)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3306 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
8.3AI Score
0.912EPSS
ThinkPHP 5.0.24 - Information Disclosure
ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...
7.5CVSS
7.2AI Score
0.013EPSS
Splunk <=7.0.1 - Information Disclosure
Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license...
5.3CVSS
4.9AI Score
0.839EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.8 (RHSA-2024:1318)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1318 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
7.6AI Score
0.005EPSS
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3.1 (RHSA-2020:2506)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2506 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7CVSS
7.9AI Score
0.922EPSS
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user...
8CVSS
7.3AI Score
0.0004EPSS
Server-side Template Injection (SSTI)
document_merge_service is vulnerable to Server-side Template Injection (SSTI). The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...
9.9CVSS
7.1AI Score
0.0004EPSS
Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components
Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...
7.1AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a....
6.5CVSS
6.4AI Score
0.002EPSS
libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the...
7.2AI Score
0.0004EPSS
5.4CVSS
7.5AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/student_payment_details4.php. The manipulation of the argument index leads to sql injection. It is possible to launch the...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability, which was classified as critical, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_payment_details2.php. The manipulation of the argument index leads to sql injection. The attack may...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/range_grade_text.php. The manipulation of the argument count leads to cross site scripting. The attack may be initiated....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be...
6.3CVSS
7.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be...
6.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_payment_invoice.php. The manipulation of the argument desc leads to cross site scripting. It is possible to initiate.....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/exam_timetable_insert_form.php. The manipulation of the argument exam leads to cross site scripting. The...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate.....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection......
6.3CVSS
7AI Score
0.0004EPSS