Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103304 EXPLOITDB text
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
by AkkuS
EIP-2026-102816 EXPLOITDB text
Dell EMC RecoverPoint boxmgmt CLI < 5.1.2 - Arbitrary File Read
by Paul Taylor
CVE-2018-11339 EXPLOITDB MEDIUM text
Frappe ERPNext v11.x.x-develop - Stored Cross-Site Scripting via Comment
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
by Veerababu Penugonda
CVSS 6.1
CVE-2018-11242 EXPLOITDB MEDIUM text
MakeMyTrip 7.2.4 - Cleartext Storage of Sensitive Information in Local Databases
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
by Divya Jain
CVSS 6.5
CVE-2018-25331 EXPLOITDB MEDIUM text
Zenar Content Management System Cross-Site Scripting via ajax.php
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML to execute arbitrary JavaScript in victim browsers.
by Berk Dusunur
CVSS 6.1
CVE-2018-25298 EXPLOITDB MEDIUM text
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.
by Safak Aslan
CVSS 5.3
CVE-2019-25251 EXPLOITDB MEDIUM text
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery via URL Parameter
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
by LiquidWorm
CVSS 6.5
CVE-2013-0663 EXPLOITDB text
Schneider Electric Modicon Quantum, M340, and Premium PLC - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
by t4rkd3vilz
EIP-2026-113195 EXPLOITDB text
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
by L0RD
EIP-2026-112486 EXPLOITDB text
Superfood 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-111508 EXPLOITDB text
Private Message PHP Script 2.0 - Cross-Site Scripting
by L0RD
EIP-2026-109537 EXPLOITDB text
Model Agency Media House & Model Gallery 1.0 - Multiple Vulnerabilities
by L0RD
EIP-2026-107154 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-107153 EXPLOITDB text
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-105308 EXPLOITDB text
Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
by L0RD
CVE-2015-5698 EXPLOITDB text
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
by t4rkd3vilz
CVE-2018-9163 EXPLOITDB MEDIUM text
ManageEngine Recovery Manager Plus < 5.3 - Stored XSS via technicianAction.do loginName
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
by Ahmet Gurel
CVSS 5.4
CVE-2018-25330 EXPLOITDB HIGH text
Joomla! EkRishta 2.10 Persistent XSS and SQL Injection
Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when users visit the profile, or submit SQL injection payloads via the phone_no parameter to the user_setting endpoint to manipulate database queries.
by Sina Kheirkhah
CVSS 8.2
CVE-2018-8898 EXPLOITDB CRITICAL text
D-Link DSL-3782 Firmware - Unauthenticated Authentication Bypass in Login Panel
A flaw in the authentication mechanism in the Login Panel of router D-Link DSL-3782 (A1_WI_20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT_77616E6771696F6E67") allows unauthenticated attackers to perform arbitrary modification (read, write) to passwords and configurations meanwhile an administrator is logged into the web panel.
by Giulio Comi
CVSS 9.8
CVE-2018-11227 EXPLOITDB MEDIUM text
Monstra CMS < 3.0.4 - Cross-Site Scripting via index.php
Monstra CMS 3.0.4 and earlier has XSS via index.php.
by Berk Dusunur
CVSS 6.1
EIP-2026-107831 EXPLOITDB text
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
by L0RD
EIP-2026-107567 EXPLOITDB text
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
by L0RD
EIP-2026-103320 EXPLOITDB text
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
by Richard Alviarez
EIP-2026-103319 EXPLOITDB text
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
by Richard Alviarez
EIP-2026-101591 EXPLOITDB text
Cisco SA520W Security Appliance - Path Traversal
by Nassim Asrir