Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-111615 EXPLOITDB text
qdPM 9.1 - Arbitrary File Upload
by Besim
EIP-2026-106309 EXPLOITDB text
CuteNews 2.1.2 - Authenticated Arbitrary File Upload
by Nhat Ha
CVE-2019-15253 EXPLOITDB MEDIUM text
Cisco Catalyst Center < 1.3.0.6 - Authenticated Stored Cross-Site Scripting
A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker needs administrator credentials. This vulnerability affects Cisco DNA Center Software releases earlier than 1.3.0.6 and 1.3.1.4.
by Dylan Garnaud
CVSS 4.8
CVE-2020-37076 EXPLOITDB HIGH text
Victor CMS 1.0 - SQL Injection via Post Parameter
Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based, error-based, and time-based injection techniques.
by BKpatron
CVSS 8.2
CVE-2020-37022 EXPLOITDB MEDIUM text
OpenZ ERP 3.6.60 - Stored Cross-Site Scripting in Employee Module Parameters
OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , enabling session hijacking and manipulation of application modules.
by Vulnerability-Lab
CVSS 6.4
CVE-2020-12608 EXPLOITDB HIGH text
SolarWinds MSP PME <1.1.15 - Code Execution
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
by Jens Regel
CVSS 7.8
EIP-2026-111983 EXPLOITDB text
Sentrifugo CMS 3.2 - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-110054 EXPLOITDB text
Online AgroCulture Farm Management System 1.0 - 'uname' SQL Injection
by Tarun Sehgal
EIP-2026-106308 EXPLOITDB text
CuteNews 2.1.2 - Arbitrary File Deletion
by Besim
EIP-2026-106105 EXPLOITDB text
Complaint Management System 1.0 - Authentication Bypass
by BKpatron
EIP-2026-104304 EXPLOITDB text
LibreNMS 1.46 - 'search' SQL Injection
by Punt
EIP-2026-100654 EXPLOITDB text
Kartris 1.6 - Arbitrary File Upload
by Nhat Ha
CVE-2020-28140 EXPLOITDB CRITICAL text
SourceCodester Online Clothing Store 1.0 - Arbitrary File Upload via Products.php Image Upload
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
by Sushant Kamble
CVSS 9.8
CVE-2020-14972 EXPLOITDB CRITICAL text
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
by boku
CVSS 9.8
EIP-2026-111928 EXPLOITDB text
School File Management System 1.0 - 'username' SQL Injection
by Tarun Sehgal
EIP-2026-110053 EXPLOITDB text
Online AgroCulture Farm Management System 1.0 - 'pid' SQL Injection
by BKpatron
EIP-2026-105711 EXPLOITDB text
Car Park Management System 1.0 - Authentication Bypass
by Tarun Sehgal
EIP-2026-101675 EXPLOITDB text
Draytek VigorAP 1000C - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2020-37080 EXPLOITDB CRITICAL text
webTareas 2.0.p8 - Privilege Escalation
webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism.
by Besim
CVSS 9.8
CVE-2020-37078 EXPLOITDB HIGH text
i-doit Open Source CMDB 1.14.1 - File Deletion
i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from the server's filesystem.
by Besim
CVSS 8.8
CVE-2020-37077 EXPLOITDB MEDIUM text
Booked Scheduler 2.7.7 - Path Traversal
Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to read files outside the intended directory using path traversal techniques.
by Besim
CVSS 6.5
CVE-2020-28139 EXPLOITDB MEDIUM text
SourceCodester Online Clothing Store 1.0 - Cross-Site Scripting via Offer Detail Field
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php.
by Sushant Kamble
CVSS 6.1
CVE-2020-28138 EXPLOITDB CRITICAL text
SourceCodester Online Clothing Store 1.0 - SQL Injection via txtUserName Parameter
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.
by Sushant Kamble
CVSS 9.8
EIP-2026-114697 EXPLOITDB text
GitLab 12.9.0 - Arbitrary File Read
by KouroshRZ
EIP-2026-114528 EXPLOITDB text
YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection
by coiffeur