Exploitdb Exploits
31,342 exploits tracked across all sources.
Unijimpe Captcha - XSS
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Daniel Godoy
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
by Gjoko Krstic
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
by Gjoko Krstic
LongTail JW Player 5.9 - XSS
player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.
by gainover
SiliSoftware backupDB <1.2.7a - XSS
Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.
by LiquidWorm
Axous 1.1.1 - XSS/CSRF
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) conduct cross-site scripting (XSS) attacks via the page_title parameter to admin/content_pages_edit.php; the (3) category_name[] parameter to admin/products_category.php; the (4) site_name, (5) seo_title, or (6) meta_keywords parameter to admin/settings_siteinfo.php; the (7) company_name, (8) address1, (9) address2, (10) city, (11) state, (12) country, (13) author_first_name, (14) author_last_name, (15) author_email, (16) contact_first_name, (17) contact_last_name, (18) contact_email, (19) general_email, (20) general_phone, (21) general_fax, (22) sales_email, (23) sales_phone, (24) support_email, or (25) support_phone parameter to admin/settings_company.php; or the (26) system_email, (27) sender_name, (28) smtp_server, (29) smtp_username, (30) smtp_password, or (31) order_notice_email parameter to admin/settings_email.php.
by Ivano Binetti
CVSS 8.8
Artiphp CMS 5.5.0 Neo - Info Disclosure
Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
by LiquidWorm
Vasthtml Forumpress < 1.7.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
by Heine Pedersen
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
by Heine Pedersen
Mightymess Soundcloud IS Gold - XSS
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.
by Heine Pedersen
WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting
by Heine Pedersen
WordPress Share and Follow <1.80.3 - XSS
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php.
by Heine Pedersen
WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting
by Heine Pedersen
WordPress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
WordPress Plugin Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting
by Heine Pedersen
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
WordPress Plugin Media Library Categories - Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
by Heine Pedersen
Leaflet plugin <0.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
by Heine Pedersen
Leaflet plugin <0.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php.
by Heine Pedersen
WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
by Heine Pedersen
WordPress Plugin GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting
by Heine Pedersen
WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Cross-Site Scripting
by Heine Pedersen