Lucene search
K
ViceWebopac

8 matches found

CVE
CVE
added 2024/11/11 7:6 a.m.60 views

CVE-2024-11019

CVE-2024-11019 affects Webopac from Grand Vice info. The connected documents describe a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing techniques. CVSSv3.1 base score 6.1 (Medium) with Netw...

6.1CVSS6.5AI score0.00324EPSS
CVE
CVE
added 2024/11/11 6:54 a.m.57 views

CVE-2024-11017

CVE-2024-11017 affects Grand Vice info Webopac. The issue is improper validation of uploaded file types in Webopac, enabling remote attackers with regular privileges to upload and execute webshells, risking arbitrary code execution on the server. Affected versions include Grand Vice Webopac 6.x b...

8.8CVSS9.1AI score0.0074EPSS
CVE
CVE
added 2024/11/11 6:51 a.m.55 views

CVE-2024-11016

CVE-2024-11016 affects Webopac from Grand Vice info. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Reported CVSS 3.1 v3.1 base score is 9.8 (CRITICAL) with network attack Vector, no...

9.8CVSS10AI score0.00538EPSS
CVE
CVE
added 2024/11/11 7:16 a.m.52 views

CVE-2024-11020

CVE-2024-11020 affects Grand Vice info Webopac (Webopac from Grand Vice info). The vulnerability is a SQL Injection in the Webopac web interface that allows an unauthenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Several sources corrobora...

9.8CVSS10AI score0.00451EPSS
CVE
CVE
added 2024/11/11 7:24 a.m.51 views

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

5.4CVSS5.5AI score0.00279EPSS
CVE
CVE
added 2024/11/11 7:2 a.m.50 views

CVE-2024-11018

CVE-2024-11018 affects Grand Vice Info Webopac. Public records describe a lack of proper file-type validation that allows unauthenticated remote attackers to upload and execute webshells, potentially enabling arbitrary code execution on the server. Affected versions are stated as up to 6.5.0/7.2....

9.8CVSS10AI score0.00803EPSS
CVE
CVE
added 2021/11/15 9:30 a.m.42 views

CVE-2021-42838

Summary: CVE-2021-42838 affects Grand Vice info Co. webopac7, where the book search field does not properly restrict special characters. Vulnerability details: Unauthenticated remote attackers can inject JavaScript syntax via the search input, enabling reflected XSS attacks. The root cause is ina...

6.1CVSS6.2AI score0.0061EPSS
CVE
CVE
added 2021/11/15 9:30 a.m.38 views

CVE-2021-42839

CVE-2021-42839 : Concrete details across multiple sources show Grand Vice info Co. webopac7 contains an arbitrary file upload vulnerability where the upload function fails to filter special characters. A remote attacker authenticated as a general user could upload a malicious script and execute a...

9CVSS9.1AI score0.0235EPSS