A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/teacher_salary_history1.php. The manipulation of the argument index leads to SQL injection. The attack may be...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/timetable_insert_form.php. The manipulation of the argument grade leads to cross site scripting. It is possible to launch.....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The...
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/timetable_grade_wise.php. The manipulation of the argument grade leads to cross site scripting....
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /view/exam_timetable_update_form.php. The manipulation of the argument exam leads to cross site...
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The...
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /model/approve_petty_cash.php. The manipulation of the argument admin_index leads to cross site scripting. The.....
3.5CVSS
4.1AI Score
0.0004EPSS
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability....
7.5AI Score
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
The default error handling view script generated using Zend_Tool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. Zend_Tool_Project_Context_Zf_ViewScriptFile was patched such that the view script template now...
6.2AI Score
The module uses the ZoomEye API to search ZoomEye. ZoomEye is a search engine for cyberspace that lets the user find specific network components (IP, services, etc.). Setting facets will output a simple report on the overall search. Its values are: Host search: app, device, service, os, port,...
7.3AI Score
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Zend_Json_Encoder was not taking into account the solidus character (/) during encoding, leading to incompatibilities with the JSON specification, and opening the potential for XSS or HTML injection attacks when returning HTML within a JSON...
6.3AI Score
Riverbed SteelHead CX WAN Traffic Manager Web UI Detection
The remote host is a Riverbed SteelHead CX WAN Traffic Manager appliance running a web based user interface. It is not possible to read the web UI version from a standard...
2.8AI Score
GE Multilin UR / URPlus / B95Plus Relay Web Interface Detection
The remote device is a GE Multilin Universal Relay (UR or URPlus), a relay used for managing, protecting, and monitoring remote SCADA...
2.3AI Score
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....
0.0004EPSS
Zendframework URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
7.2AI Score
SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View...
6.1AI Score
0.0004EPSS
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
By Waqas. Be cautious! Hackers are selling fake Pegasus spyware source code, alerts CloudSEK. Learn how to protect yourself from… This is a post from HackRead.com. Read the original post: Hackers Sell Fake Pegasus Spyware on Clearnet and Dark...
7.2AI Score
RHEL 7 / 8 : Red Hat JBoss Web Server 5.6.0 Security (Important) (RHSA-2021:4861)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4861 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
7.5CVSS
8AI Score
0.123EPSS
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....
6AI Score
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...
6.2AI Score
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive...
7.5CVSS
6.3AI Score
0.001EPSS
Magento is vulnerable to SQL injection. The vulnerability is due to a user with store manipulation privileges being able to execute arbitrary SQL queries by accessing the database connection through a group instance in email...
8.8CVSS
8.1AI Score
0.001EPSS
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a...
7.2CVSS
7.3AI Score
0.005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt van Andel Adventure Journal allows Stored XSS. This issue affects Adventure Journal: from n/a through...
6.5CVSS
6.7AI Score
0.0004EPSS
RHEL 7 / 8 : Red Hat JBoss Web Server 5.5.0 Security (Moderate) (RHSA-2021:2561)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2561 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
7.5CVSS
8.5AI Score
0.922EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
0.0004EPSS
Apache ActiveMQ 5.11.x < 5.11.4 / 5.12.x < 5.12.3 / 5.13.x < 5.13.1 Web Console Multiple XSS
The version of Apache ActiveMQ running on the remote host is 5.11.x prior to 5.11.4, 5.12.x prior to 5.12.3, or 5.x prior to 5.13.1. It is, therefore, affected by multiple cross-site scripting vulnerabilities in the web-based administration console due to improper validation of user-supplied...
5.4CVSS
6.1AI Score
0.001EPSS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through...
8CVSS
6.8AI Score
0.0004EPSS
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling...
7.5CVSS
6.9AI Score
0.001EPSS
Vantiva - MediaAccess DGA2232 v19.4 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site...
6.1CVSS
7AI Score
0.0004EPSS
DrayTek - Remote Code Execution
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi...
9.8CVSS
9.8AI Score
0.971EPSS
Cisco Secure Web Appliance XSS (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker...
4.8CVSS
5.5AI Score
0.0004EPSS
A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...
6.4AI Score
0.0004EPSS
7.4AI Score
EPSS
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...
0.0004EPSS
MinIO information disclosure vulnerability
Impact: When the If-Modified-Since and If-Unmodified-Since headers are used with anonymous requests, sending requests for a random object name reveals whether the object exists on the server in a specific bucket, and also exposes some information such as Last-Modified (of the...
5.3CVSS
6.2AI Score
0.0004EPSS
Exploit for Unprotected Alternate Channel in Cisco Ios Xe
CVE-2023-20198 - PoC SCRIPT /!\ Disclaimer: This...
10CVSS
8.6AI Score
0.848EPSS
A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
3.5CVSS
4.1AI Score
0.0004EPSS
magento/community-edition is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the product and category management sections, allowing attackers to inject malicious scripts that can affect other admin users accessing those...
4.8CVSS
6.2AI Score
0.001EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /view/student_payment_details4.php. The manipulation of the argument index leads to cross site scripting. The attack can be....
3.5CVSS
4.3AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/my_student_exam_marks1.php. The manipulation of the argument year leads to cross site scripting. It is possible to launch....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details2.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate....
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacher_attendance_history1.php. The manipulation of the argument year leads to cross site...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /view/student_payment_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the...
3.5CVSS
4.1AI Score
0.0004EPSS