Text Exploits

31,386 exploits tracked across all sources.

CVE-2021-34544 EXPLOITDB MEDIUM text
Solar-Log 500 < 2.8.2 - Cleartext Storage of Sensitive Information in Export and Notification Pages
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 6.5
CVE-2021-34543 EXPLOITDB HIGH text
Solar-Log 500 < 2.8.2 - Unauthenticated Administrative Access
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
by Luca.Chiou
CVSS 7.5
CVE-2021-27673 EXPLOITDB MEDIUM text
Tribal Systems Zenario CMS <8.8.52729 - XSS
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
by Avinash R
CVSS 4.8
CVE-2019-25046 EXPLOITDB MEDIUM text
Cerberus FTP Server <10.0.19, <11.0.4 - XSS
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
by Mohammad Hossein Kaviyany
CVSS 6.1
CVE-2021-33904 EXPLOITDB MEDIUM text
Accela Civic Platform < 21.1 - Cross-Site Scripting via servProvCode Parameter
In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information."
by Abdulazeez Alaseeri
CVSS 6.1
EIP-2026-112621 EXPLOITDB text
TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)
by Mert Daş
EIP-2026-112457 EXPLOITDB text
Student Result Management System 1.0 - 'class' SQL Injection
by Riadh Benlamine
EIP-2026-114178 EXPLOITDB text
WordPress Plugin visitors-app 0.3 - 'user-agent' Stored Cross-Site Scripting (XSS)
by Mesut Cetin
EIP-2026-110270 EXPLOITDB text
OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
by Mert Daş
EIP-2026-114069 EXPLOITDB text
WordPress Plugin Smart Slider-3 3.5.0.8 - 'name' Stored Cross-Site Scripting (XSS)
by Hardik Solanki
CVE-2021-28420 EXPLOITDB MEDIUM text
Seo Panel 4.8.0 - Cross-Site Scripting via alerts.php from_time Parameter
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-27519 EXPLOITDB MEDIUM text
FUDForum 3.1.0 - Cross-Site Scripting via Index.php Srch Parameter
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
by Piyush Patil
CVSS 6.1
CVE-2021-27520 EXPLOITDB MEDIUM text
FUDForum 3.1.0 - Cross-Site Scripting via Author Parameter
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
by Piyush Patil
CVSS 6.1
CVE-2021-27308 EXPLOITDB MEDIUM text
4images 1.8 - Cross-Site Scripting via Redirect Parameter
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-31642 EXPLOITDB MEDIUM text
CHIYU Technology IoT Devices - Denial of Service via Integer Overflow in Page Parameter
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, BF-630, BF-631, and SEMAC. The vulnerability can be exploited by sending an unexpected integer (> 32 bits) in the page parameter, which crashes the web portal and makes it unavailable until the device is rebooted.
by sirpedrotavares
CVSS 6.5
EIP-2026-117324 EXPLOITDB text
Intel(R) Audio Service x64 01.00.1080.0 - 'IntelAudioService' Unquoted Service Path
by Geovanni Ruiz
CVE-2021-21337 EXPLOITDB MEDIUM text
Products.PluggableAuthService < 2.6.1 - Open Redirect via Login Form
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1"`.
by Piyush Patil
CVSS 5.7
CVE-2021-28417 EXPLOITDB MEDIUM text
Seo Panel 4.8.0 - Cross-Site Scripting via archive.php search_name Parameter
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-28418 EXPLOITDB MEDIUM text
Seo Panel 4.8.0 - Cross-Site Scripting via Category Parameter
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
by Piyush Patil
CVSS 4.8
CVE-2021-47819 EXPLOITDB CRITICAL text
ProjeQtOr Project Management 9.1.4 - RCE
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP script through the profile attachment section and execute system commands by accessing the uploaded file with a specially crafted request parameter.
by Temel Demir
CVSS 9.8
CVE-2020-15261 EXPLOITDB HIGH text
Veyon Service <4.4.2 - Privilege Escalation
On Windows, the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in setups that are unsafe anyway. The problem has been fixed in version 4.4.2. As a workaround, exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
by Víctor García
CVSS 8.0
EIP-2026-114226 EXPLOITDB text
WordPress Plugin WP Prayer version 1.6.1 - 'prayer_messages' Stored Cross-Site Scripting (XSS) (Authenticated)
by Bastijn Ouwendijk
EIP-2026-100775 EXPLOITDB text
CHIYU TCP/IP Converter devices - CRLF injection
by sirpedrotavares
EIP-2026-100774 EXPLOITDB text
CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
by sirpedrotavares
CVE-2021-24308 EXPLOITDB MEDIUM text
LifterLMS < 4.21.1 - Stored Cross-Site Scripting via Profile State Field
The 'State' field of the Edit profile page of the LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when output in the About section of the profile page, leading to a stored Cross-Site Scripting issue. This could allow low-privilege users (such as students) to elevate their privileges via an XSS attack when an admin views their profile.
by Captain_hook
CVSS 5.4