Text Exploits
31,383 exploits tracked across all sources.
HelpDeskZ < 2.0.2 - Stored Cross-Site Scripting via File Upload in New Ticket
A stored cross-site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by placing a malicious payload in the file name and file upload function when creating a new ticket.
by Md. Sadikul Islam
CVSS 4.8
Calibre-web 0.6.21 - Stored XSS
by Catalin Iovita, Alexandru Postolache
Genexus Protection Server 9.7.2.10 - Code Injection
Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with elevated LocalSystem privileges by placing malicious executables in specific file system locations.
by SamAlucard
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
by Milad karimi
Oracle Database 12c Release 1 - Unquoted Service Path
by Milad karimi
Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
by bios
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or manipulate database information by sending crafted payloads to the collections page.
by Sohel Yousef
Microweber 2.0.15 - Authenticated Stored Cross-Site Scripting via User Profile Fields
Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first name field that will execute when the profile is viewed by other users, potentially stealing session cookies and executing arbitrary JavaScript.
by tmrswrr
CVSS 5.4
Azon Dominator Affiliate Marketing Script - SQL Injection
by Buğra Enis Dönmez
Flatboard 3.2 - Authenticated Stored Cross-Site Scripting via Forum Information Field
Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when other users view the forum, potentially stealing session cookies and executing client-side scripts.
by tmrswrr
Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting (XSS)
by Jerry Thomas
Carbon Forum 5.9.0 Persistent XSS via Forum Name Field
Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft.
by Chokri Hammedi
CVSS 6.4
XMB Forum 1.9.12.06 - Authenticated Stored Cross-Site Scripting via Admin Templates
XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads in footer templates and news ticker fields, enabling script execution for all forum users when pages are rendered.
by Chokri Hammedi
Aegon Life Insurance Management System 1.0 - Cross-Site Scripting via insertClient.php Name Parameter
A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
by Aslam Anwar Mahimkar
CVSS 6.1
Aegon Life v1.0 - SQL Injection via client_id Parameter
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.
by Aslam Anwar Mahimkar
CVSS 8.8
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
by Onur Göğebakan
CMSimple 5.15 - Authenticated Remote Command Execution via Extensions Configuration
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.
by Ahmet Ümit BAYRAM
CVSS 8.8
Progress Sitefinity < 15.0.0 - Authenticated Cross-Site Scripting via Content Form
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
by Aldi Saputra Wahyudi
CVSS 5.4
Akaunting 3.1.8 - Authenticated Server-Side Template Injection via Form Input Fields
Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations.
by tmrswrr
ElkArte Forum 1.1.9 - Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory.
by tmrswrr
ITSS iMLog < 1.308 - Stored Cross-Site Scripting via User Maintenance Last Name Parameter
A cross-site scripting (XSS) vulnerability in the User Maintenance section of ITSS iMLog v1.307 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.
by Gabriel Felipe
CVSS 5.4
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
by Ivan Spiridonov
8theme XStore <9.3.5 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection. This issue affects XStore: from n/a through 9.3.5.
by Abdualhadi khalifa
CVSS 9.3