Text Exploits
31,386 exploits tracked across all sources.
Kirby < 3.5.4 - Stored Cross-Site Scripting via SVG File Upload
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `<script>` tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests to Kirby's API with the permissions of the victim. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can escalate their privileges if they get access to the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. Visitors without Panel access can only use this attack vector if your site allows SVG file uploads in frontend forms and you don't already sanitize uploaded SVG files. The problem has been patched in Kirby 3.5.4. Please update to this or a later version to fix the vulnerability. Frontend upload forms need to be patched separately depending on how they store the uploaded file(s). If you use `File::create()`, you are protected by updating to 3.5.4+. As a workaround you can disable the upload of SVG files in your file blueprints.
by Sreenath Raghunathan
CVSS 7.6
Remote Clinic 2.0 - Stored Cross-Site Scripting via Medicine Name Field
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
by Saud Ahmad
CVSS 5.4
CMS Made Simple 2.2.15 - Authenticated Cross-Site Scripting via Title Field
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
by bt0
CVSS 5.4
WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS)
by Himamshu Dilip Kulkarni
BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS)
by Ömer Hasan Durmuş
AdTran Personal Phone Mgr <10.8.1 - Info Disclosure
AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
by 3ndG4me
CVSS 7.5
Adtran Personal Phone Manager < 10.8.1 - Reflected Cross-Site Scripting
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
by 3ndG4me
CVSS 6.1
AdTran Personal Phone Manager <= 10.8.1 - Authenticated Stored Cross-Site Scripting
The AdTran Personal Phone Manager software is vulnerable to authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
by 3ndG4me
CVSS 5.4
TileServer GL < 3.0.0 - Reflected Cross-Site Scripting via Key GET Parameter
An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
by Akash Chathoth
CVSS 6.1
Digital Crime Report Management System 1.0 - SQL Injection
Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability by sending crafted SQL injection payloads in email and password parameters across police, incharge, user, and HQ login endpoints.
by GaluhID
CVSS 8.2
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
by Central InfoSec
CVSS 6.9
jQuery <3.5.0 - XSS
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
by Central InfoSec
CVSS 6.9
MariaDB <10.2.37, 10.3.28, 10.4.18, 10.5.9 - RCE
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
by Central InfoSec
CVSS 7.2
CITSmart <9.1.2.28 - Info Disclosure
CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."
by skysbsb
CVSS 8.8
CITSmart < 9.1.2.23 - LDAP Injection
CITSmart before 9.1.2.23 allows LDAP Injection.
by skysbsb
CVSS 9.8
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 - Remote Code Execution via sys_config_valid.xgi
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
by Jay Sharma
CVSS 9.8
Blitar Tourism 1.0 - Auth Bypass
Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request by sending a crafted username with SQL injection techniques to gain unauthorized administrative access.
by sigeri94
CVSS 8.2
Simple Student Information System 1.0 - SQL Injection (Authentication Bypass)
by GaluhID
ExpressVPN Router < - Info Disclosure
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server is running as a reverse proxy via a specially crafted request.
by Jai Kumar Sharma
CVSS 7.5
CMSimple 5.2 - Stored Cross-Site Scripting in Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection.
by Quadron Research Lab
CVSS 6.1