Collabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account...
6.1 CVSS
6 AI Score
0.001 EPSS
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened.....
8.7 CVSS
5 AI Score
0.0005 EPSS
OpenAPI Generator Online - Arbitrary File Read/Delete
Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...
8.3 CVSS
6.3 AI Score
0.0004 EPSS
org.openapitools, openapi-generator-online is vulnerable to a Path Traversal. The vulnerability is due to unrestricted access to the outputFolder option, which allows attackers to manipulate file paths and potentially read or delete files and folders outside of the intended...
8.3 CVSS
6.6 AI Score
0.0004 EPSS
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
CVE-2021-36260 CVE-2021-36260 POC command injection...
9.8 CVSS
9.8 AI Score
0.975 EPSS
Malicious code in trip-component-platform-online-subscribe-checkbox (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (91926502e6913f304f4280d85719128ae9c6347ce58c5dfbd18da08cd2c91e26) The OpenSSF Package Analysis project identified 'trip-component-platform-online-subscribe-checkbox' @ 2.3.1 (npm) as malicious. It is considered...
7.4 AI Score
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
Hikvision CVE-2021-36260 RCE vulnerability. Vulnerability description: an attacker exploiting this vulnerability can use unrestricted root...
9.8 CVSS
9.7 AI Score
0.975 EPSS
BigProf Online Invoicing System before 2.9 suffers from an unauthenticated SQL Injection found in /membership_passwordReset.php (the endpoint that is responsible for issuing self-service password resets). An unauthenticated attacker is able to send a request containing a crafted payload that can...
9.8 CVSS
7.8 AI Score
0.002 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
OpenAPI Generator Online - Arbitrary File Read/Delete
Impact Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the outputFolder option. Patches The issue was fixed via...
8.3 CVSS
6.7 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/sections_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to.....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/batches_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoices_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactions_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...
8.8 CVSS
7 AI Score
0.001 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliers_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/items_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categories_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...
6.3 CVSS
5.9 AI Score
0.0004 EPSS
A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clients_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user.....
6.3 CVSS
5.9 AI Score
0.0004 EPSS
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu/Sl Firmware
hikvision_brute Brute Hikvision CAMS with CVE-2021-36260...
9.8 AI Score
Online Payment Hub System 1.0 SQL Injection Vulnerability
Online Payment Hub System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...
8.7 AI Score
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date...
8.8 CVSS
9.1 AI Score
0.001 EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2 CVSS
7.4 AI Score
0.104 EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8 CVSS
9.9 AI Score
0.016 EPSS
Jiangnan Online Judge 0.8.0 - Local File Inclusion
Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via...
7.5 CVSS
7.5 AI Score
0.007 EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2 CVSS
7.4 AI Score
0.011 EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
7.2 CVSS
7.4 AI Score
0.011 EPSS
Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting
The visitors-online plugin before 1.0.0 for WordPress has multiple XSS...
6.1 CVSS
6.1 AI Score
0.001 EPSS
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...
9.8 CVSS
9.9 AI Score
0.016 EPSS
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a POST request does not sanitize the user...
9.8 CVSS
9.9 AI Score
0.076 EPSS
Exploit for Cross-site Scripting in Nia Rrj Nueva Ecija Engineer Online Portal
CVE-2024-0190 CVE-2024-0190 - RRJ...
5.4 CVSS
5.5 AI Score
0.001 EPSS
WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
6.1 CVSS
6.2 AI Score
0.001 EPSS
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7 AI Score
Joomla! Component Online Exam 1.5.0 - Local File Inclusion
A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...
6.6 AI Score
0.012 EPSS
Online Security Guards Hiring System - Cross-Site Scripting
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file...
6.1 CVSS
6.1 AI Score
0.005 EPSS
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2 CVSS
7.2 AI Score
0.011 EPSS
Online Piggery Management System v1.0 - Unauthenticated File Upload
Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to...
9.8 CVSS
9.6 AI Score
0.104 EPSS
Simple Online Planning Tool <1.3.2 - Local File Inclusion
SOPlanning <1.32 contains a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier...
5.3 CVSS
5.2 AI Score
0.002 EPSS
Complete Online Job Search System 1.0 - SQL Injection
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...
7.2 CVSS
7.2 AI Score
0.011 EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7 AI Score
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
8.8 CVSS
6.5 AI Score
0.002 EPSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be launched remotely....
9.8 CVSS
7.7 AI Score
0.001 EPSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The.....
9.8 CVSS
7.6 AI Score
0.001 EPSS
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7 AI Score