Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-25132 EXPLOITDB MEDIUM text
MyBB Trending Widget Plugin 1.2 - XSS
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget.
by 0xB9
CVSS 6.1
CVE-2018-25116 EXPLOITDB MEDIUM text
MyBB Thread Redirect Plugin 0.2.1 - XSS
MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution.
by 0xB9
CVSS 6.1
EIP-2026-114643 EXPLOITDB text
Zoo Management System 1.0 - 'anid' SQL Injection
by Zeyad Azima
EIP-2026-113045 EXPLOITDB text
Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting
by Anmol K Sachan
EIP-2026-112923 EXPLOITDB text
User Management System 1.0 - 'uid' SQL Injection
by Zeyad Azima
EIP-2026-110481 EXPLOITDB text VERIFIED
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
by Zeyad Azima
CVE-2021-47906 EXPLOITDB MEDIUM text
BloofoxCMS 0.5.2.1 - Authenticated Stored Cross-Site Scripting in Articles Text Parameter
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious JavaScript payloads in the text field to execute scripts and potentially steal authenticated users' cookies.
by LiPeiYi
CVSS 6.4
CVE-2021-31650 EXPLOITDB CRITICAL text
Sourcecodester Online Grading System 1.0 - SQL Injection via uname Parameter
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
by Ruchi Tiwari
CVSS 9.8
EIP-2026-112138 EXPLOITDB text
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
by Richard Jones
EIP-2026-112137 EXPLOITDB text
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
by Richard Jones
CVE-2021-3337 EXPLOITDB HIGH text
Hide-Thread-Content Plugin through 2021-01-27 for MyBB - Unauthenticated Information Disclosure via Reply or Quote
The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.
by 0xB9
CVSS 7.5
CVE-2020-36115 EXPLOITDB MEDIUM text
phpcrud - Stored Cross-Site Scripting via First Name or Last Name Parameter
Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'.
by Mahendra Purbia
CVSS 5.4
EIP-2026-114092 EXPLOITDB text
WordPress Plugin SuperForms 4.9 - Arbitrary File Upload
by ABDO10
CVE-2021-47724 EXPLOITDB MEDIUM text
STVS ProVision 5.9.10 - Authenticated Path Traversal via Archive Download Files Parameter
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
by LiquidWorm
CVSS 6.5
EIP-2026-104372 EXPLOITDB text VERIFIED
Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated) (1)
by SunCSR
EIP-2026-112079 EXPLOITDB text
Simple College Website 1.0 - 'name' Sql Injection (Authentication Bypass)
by Marco Catalano
EIP-2026-112078 EXPLOITDB text
Simple College Website 1.0 - 'full' Stored Cross Site Scripting
by Marco Catalano
EIP-2026-105772 EXPLOITDB text
Cemetry Mapping and Information System 1.0 - 'user_email' Sql Injection (Authentication Bypass)
by Marco Catalano
CVE-2021-3186 EXPLOITDB MEDIUM text
Tenda AC5 AC1200 V15.03.06.47_multi - Stored Cross-Site Scripting via Wifi Name Parameter
A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi Name parameter.
by Chiragh Arora
CVSS 5.4
CVE-2021-47934 EXPLOITDB MEDIUM text
MyBB Timeline Plugin 1.0 Cross-Site Scripting and CSRF
MyBB Timeline Plugin 1.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through thread titles, post content, and user profile fields like Location and Bio. Attackers can also exploit a cross-site request forgery vulnerability in the timeline.php profile action to change a user's cover picture by crafting malicious forms that execute when victims visit affected profiles.
by 0xB9
CVSS 5.3
CVE-2021-27129 EXPLOITDB MEDIUM text
CASAP Automated Enrollment System 1.0 - Cross-Site Scripting via ROUTE Parameter
CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.
by Richard Jones
CVSS 5.4
EIP-2026-109112 EXPLOITDB text
Library System 1.0 - 'category' SQL Injection
by Aitor Herrero
CVE-2021-3298 EXPLOITDB MEDIUM text
Collabtive 3.1 - Authenticated Stored Cross-Site Scripting via Profile Address Field
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
by Deha Berkin Bir
CVSS 5.4
CVE-2021-3294 EXPLOITDB MEDIUM text
CASAP Automated Enrollment System 1.0 - XSS
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
by Anita Gaud
CVSS 5.4
CVE-2025-34022 EXPLOITDB CRITICAL text
Selea Targa IP OCR-ANPR - Path Traversal
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by LiquidWorm