Text Exploits
31,341 exploits tracked across all sources.
Customer Support System 1.0 - _First Name_ & _Last Name_ Stored XSS
by Saeed Bala Ahmed
Nxlog < 3.0.2272 - Insecure Deserialization
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
by Guillaume PETIT
CVSS 7.5
Grav CMS 1.6.30 - XSS
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
by Sagar Banwa
CVSS 6.4
Raysync < 3.3.3.8 - Path Traversal
A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server.
by james
CVSS 8.8
Seotoaster 3.2.0 - Stored XSS on Edit page properties
by Hardik Solanki
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
by Frederic ADAM
Task Management System 1.0 - 'page' Local File Inclusion
by İsmail BOZKURT
Rumble Mail Server 0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
by Mohammed Alshehri
CVSS 5.4
Rumble Mail Server 0.51.3135 - XSS
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
by Mohammed Alshehri
CVSS 5.4
System Explorer 7.0.0 - Privilege Escalation
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
by Mohammed Alshehri
CVSS 7.8
Rumble Mail Server <0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
by Mohammed Alshehri
CVSS 5.4
SeaCMS 11.1 - XSS
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
by j5s
CVSS 6.1
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
by KeopssGroup0day_Inc
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
by Wadeek
Jenkins <2.251-<2.235.3 - XSS
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
by gx1
CVSS 5.4
Igniterealtime Openfire - XSS
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
by j5s
CVSS 5.4
Courier Management System - SQL Injection
Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.
by Zhaiyi
CVSS 6.5
By Source