CAGE Web Design | Rolf Van Gelder Security Vulnerabilities
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
0.0004EPSS
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as...
4.4CVSS
5.7AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.8.0 (RHSA-2024:1913)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1913 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.8AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.7 (RHSA-2023:7622)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7622 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
6.7AI Score
0.003EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.5 (RHSA-2023:5783)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5783 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
7.5CVSS
8.3AI Score
0.732EPSS
Rockwell Automation MicroLogix 1400 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1400 Programmable Logic Controller...
2.2AI Score
Rockwell Automation MicroLogix 1100 PLC Web Server Detection
The remote device is running an integrated web server that is part of the software platform for managing and monitoring the Rockwell Automation MicroLogix 1100 Programmable Logic Controller...
2.2AI Score
Moodle Privilege escalation in quiz web services
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the...
4.3CVSS
7.1AI Score
0.001EPSS
Moodle Privilege escalation in quiz web services
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the...
4.3CVSS
6.6AI Score
0.001EPSS
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Zend_Filter_StripTags contained an optional setting to allow whitelisting HTML comments in filtered text. Microsoft Internet Explorer and several other browsers allow developers to create conditional functionality via HTML comments, including execution of script events and rendering of additional.....
6AI Score
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Zend_Service_ReCaptcha_MailHide had a potential XSS vulnerability. Due to the fact that the email address was never validated, and because its use of htmlentities() did not include the encoding argument, it was potentially possible for a malicious user aware of the issue to inject a specially...
6.2AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through...
7.1CVSS
7AI Score
0.0004EPSS
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.1 (RHSA-2022:8917)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8917 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
9.8CVSS
10AI Score
0.106EPSS
RHEL 6 / 7 / 8 : Red Hat JBoss Web Server 5.3.2 (RHSA-2020:3306)
The remote Redhat Enterprise Linux 6 / 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3306 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised...
7.5CVSS
8.3AI Score
0.912EPSS
magento/community-edition is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitization of user input in the product and category management sections, allowing attackers to inject malicious scripts that can affect other admin users accessing those...
4.8CVSS
6.2AI Score
0.001EPSS
Zendframework URL Rewrite vulnerability
zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request....
7.2AI Score
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to....
0.0004EPSS
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
Zend_XmlRpc is vulnerable to XML eXternal Entity (XXE) Injection attacks. The SimpleXMLElement class (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability....
7.5AI Score
Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: * list * show * rewrite * update An attacker can leak the session component using an...
5.7CVSS
5.4AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /view/student_profile1.php. The manipulation of the argument std_index leads to sql injection. The attack may be initiated...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability classified as critical has been found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/teacher_attendance_history1.php. The manipulation of the argument index leads to sql injection. It is possible to launch the attack.....
6.3CVSS
6.9AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/teacher_salary_details2.php. The manipulation of the argument index leads to sql injection. It is possible to initiate the...
6.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be...
3.5CVSS
4.2AI Score
0.0004EPSS
CVE-2024-4722 Campcodes Complete Web-Based School Management System index.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The...
3.5CVSS
6.3AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting.....
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/exam_timetable_grade_wise.php. The manipulation of the argument exam leads to cross site scripting. It is possible to...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_friend_request.php. The manipulation of the argument my_index leads to cross site scripting. It is possible to initiate.....
3.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-4906 Campcodes Complete Web-Based School Management System show_student1.php sql injection
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack...
6.3CVSS
7.3AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The...
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can....
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/show_student_grade_subject.php. The manipulation of the argument id leads to cross site...
3.5CVSS
6.2AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS.This issue affects Weekly Class Schedule: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling...
7.5CVSS
6.9AI Score
0.001EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view/teacher_salary_details3.php. The manipulation of the argument index leads to sql injection. The attack can be...
6.3CVSS
6.9AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. This affects an unknown part of the file /view/student_payment_invoice1.php. The manipulation of the argument date leads to sql injection. It is possible to initiate the...
6.3CVSS
6.8AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/exam_timetable.php. The manipulation of the argument exam leads to cross site scripting. The attack can be...
3.5CVSS
6.3AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated....
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to cross site scripting. The...
3.5CVSS
6.2AI Score
0.0004EPSS
CVE-2024-4722 Campcodes Complete Web-Based School Management System index.php cross site scripting
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument category leads to cross site scripting. The attack can be initiated remotely. The...
3.5CVSS
4.3AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/all_teacher.php. The manipulation of the argument page leads to cross site scripting. The attack can be...
3.5CVSS
4.2AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection......
6.3CVSS
7.4AI Score
0.0004EPSS
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be...
3.5CVSS
4.1AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/show_student_subject.php. The manipulation of the argument id leads to cross site scripting. The attack can....
3.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /model/update_exam.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated...
3.5CVSS
4.3AI Score
0.0004EPSS
A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...
6.4AI Score
0.0004EPSS
The module use the ZoomEye API to search ZoomEye. ZoomEye is a search engine for cyberspace that lets the user find specific network components(ip, services, etc.). Setting facets will output a simple report on the overall search. It's values are: Host search: app, device, service, os, port,...
7.3AI Score
5.4CVSS
7.1AI Score
0.003EPSS
5.4CVSS
7.1AI Score
0.003EPSS