Text Exploits

31,386 exploits tracked across all sources.

CVE-2021-30149 EXPLOITDB CRITICAL text
Composr 10.0.36 - Unauthenticated Arbitrary File Upload
Composr 10.0.36 allows upload and execution of PHP files.
by Orion Hridoy
CVSS 9.8
CVE-2021-30150 EXPLOITDB MEDIUM text
Composr 10.0.36 - Cross-Site Scripting in XML Script
Composr 10.0.36 allows XSS in an XML script.
by Orion Hridoy
CVSS 6.1
CVE-2020-14166 EXPLOITDB MEDIUM text
Jira Service Desk < 4.10.0 - Authenticated Stored Cross-Site Scripting via HTML File Upload
The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross-Site Scripting (XSS) vulnerability by uploading an HTML file.
by Captain_hook
CVSS 4.8
CVE-2021-47849 EXPLOITDB MEDIUM text
Mini Mouse 9.3.0 - Path Traversal via Device Information Endpoint
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
by gosh
CVSS 6.2
CVE-2021-34166 EXPLOITDB CRITICAL text
Simple Food Website 1.0 - SQL Injection
A SQL injection vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-34165 EXPLOITDB CRITICAL text
Basic Shopping Cart 1.0 - SQL Injection
A SQL injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to bypass authentication and become admin.
by Viren Saroha
CVSS 9.8
CVE-2021-47852 EXPLOITDB HIGH text
Rockstar Games Launcher <1.0.37.349 - Privilege Escalation
Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access.
by George Tsimpidas
CVSS 8.8
CVE-2021-47850 EXPLOITDB HIGH text
Mini Mouse 9.2.0 - Path Traversal via HTTP Request
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
by gosh
CVSS 7.5
CVE-2021-47741 EXPLOITDB HIGH text
ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
by LiquidWorm
CVSS 7.5
EIP-2026-104396 EXPLOITDB text
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated)
by Valerio Severini
EIP-2026-104303 EXPLOITDB text
Latrix 0.6.0 - 'txtaccesscode' SQL Injection
by cptsticky
EIP-2026-114565 EXPLOITDB text
Zabbix 3.4.7 - Stored XSS
by Radmil Gazizov
EIP-2026-104209 EXPLOITDB text
CourseMS 2.1 - 'name' Stored XSS
by cptsticky
CVE-2021-47855 EXPLOITDB HIGH text
OpenLiteSpeed 1.7.9 - Stored Cross-Site Scripting in Dashboard Notes Parameter
OpenLiteSpeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon.
by cmOs
CVSS 7.2
CVE-2021-30048 EXPLOITDB MEDIUM text
novel_boutique_house-plus 3.5.1 - Path Traversal via File Download filePath Parameter
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter.
by tuyiqiang
CVSS 5.3
CVE-2021-29388 EXPLOITDB MEDIUM text
SourceCodester Budget Management System 1.0 - Stored Cross-Site Scripting via Budget Title Field
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field 'Budget Title'.
by Jitendra Kumar Tripathi
CVSS 5.4
CVE-2021-29387 EXPLOITDB MEDIUM text
Equipment Inventory System 1.0 - Stored Cross-Site Scripting via Add Section Name Parameters
Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position or others, in the Name parameters.
by Jitendra Kumar Tripathi
CVSS 5.4
EIP-2026-114235 EXPLOITDB text
WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)
by m0ze
CVE-2021-3111 EXPLOITDB MEDIUM text
Concrete CMS < 8.5.5 - Stored Cross-Site Scripting via Express Entries Dashboard Name Field
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
by Quadron Research Lab
CVSS 4.8
EIP-2026-102058 EXPLOITDB text
TP-Link Devices - 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)
by Smriti Gaba
CVE-2021-47857 EXPLOITDB HIGH text
Moodle 3.10.3 - Stored Cross-Site Scripting in Calendar Event Subtitle Field
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.
by Vincent666
CVSS 7.2
EIP-2026-111736 EXPLOITDB text
Regis Inventory And Monitoring System 1.0 - 'Item List' Persistent Cross-Site Scripting
by George Tsimpidas
CVE-2021-47858 EXPLOITDB HIGH text
Genexis Platinum-4410 P4410-V2-1.31A - XSS
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page.
by Jithin KS
CVSS 7.2
CVE-2021-29343 EXPLOITDB MEDIUM text
Ovidentia CMS 6.0.0-6.7.7 - SQL Injection via Index.php ID Parameter
Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "checkbox" property into "text" data can be extracted and displayed in the text region or in source code.
by Felipe Prates Donato
CVSS 5.4
CVE-2012-6708 EXPLOITDB MEDIUM text
jQuery < 1.9.0 - Cross-Site Scripting via jQuery(strInput) Function
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
by MiningOmerta
CVSS 6.1