Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111876 EXPLOITDB text
Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS
by Vijay Sachdeva
EIP-2026-110133 EXPLOITDB text
Online Learning Management System 1.0 - Multiple Stored XSS
by Aakash Madaan
EIP-2026-110132 EXPLOITDB text
Online Learning Management System 1.0 - Authentication Bypass
by Aakash Madaan
EIP-2026-110131 EXPLOITDB text
Online Learning Management System 1.0 - 'id' SQL Injection
by Aakash Madaan
EIP-2026-105886 EXPLOITDB text
Class Scheduling System 1.0 - Multiple Stored XSS
by Aakash Madaan
EIP-2026-105368 EXPLOITDB text
Baby Care System 1.0 - 'roleid' SQL Injection
by Vijay Sachdeva
CVE-2020-36942 EXPLOITDB HIGH text
Victor CMS 1.0 - Authenticated Arbitrary File Upload via Profile Image Feature
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
by Mosaaed
CVSS 8.8
CVE-2020-36112 EXPLOITDB CRITICAL text
CSE Bookstore 1.0 - SQL Injection via pubid Parameter
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
by Musyoka Ian
CVSS 9.8
EIP-2026-110462 EXPLOITDB text
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
by Matthew Aberegg
EIP-2026-109623 EXPLOITDB text
Multi Branch School Management System 3.5 - _Create Branch_ Stored XSS
by Kislay Kumar
EIP-2026-109111 EXPLOITDB text
Library Management System 3.0 - _Add Category_ Stored XSS
by Kislay Kumar
EIP-2026-107033 EXPLOITDB text
Faculty Evaluation System 1.0 - Stored XSS
by Vijay Sachdeva
EIP-2026-105256 EXPLOITDB text
Artworks Gallery Management System 1.0 - 'id' SQL Injection
by Vijay Sachdeva
CVE-2020-37240 EXPLOITDB MEDIUM text
Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.
by Kislay Kumar
CVSS 6.4
CVE-2022-29380 EXPLOITDB MEDIUM text
Academy-LMS 4.3 - Stored Cross-Site Scripting in SEO Panel
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
by Vinicius Alves
CVSS 4.8
CVE-2020-25901 EXPLOITDB MEDIUM text
Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by Ramikan
CVSS 6.1
CVE-2020-25495 EXPLOITDB MEDIUM text
Xinuos OpenServer 5 and 6 - Reflected Cross-Site Scripting via Section Parameter
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
by Ramikan
CVSS 6.1
CVE-2020-25494 EXPLOITDB CRITICAL text
Xinuos OpenServer 5-6 - OS Command Injection via printbook cgi-bin Parameters
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
by Ramikan
CVSS 9.8
EIP-2026-111389 EXPLOITDB text
Point of Sale System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
CVE-2020-35151 EXPLOITDB HIGH text
Online Marriage Registration System 1.0 - SQL Injection
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
by Raffaele Sabato
CVSS 8.8
EIP-2026-104451 EXPLOITDB text
Spotweb 1.4.9 - 'search' SQL Injection
by BouSalman
CVE-2020-20142 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To Remote CSV Component
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20141 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To OLAP (XMLA) Component
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20140 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Stored Cross-Site Scripting in Remote Report Open Menu
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
CVE-2020-20139 EXPLOITDB MEDIUM text
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in Remote JSON Component
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
By Source
All 31,386 Writeup 62,320 Exploitdb 50,076 Nomisec 22,421 Github 3,644 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,581 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 132 go 73 postscript 25 typescript 25