Text Exploits
31,386 exploits tracked across all sources.
Xeroneit Library Management System 3.1 - XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.
by Kislay Kumar
CVSS 6.4
QDOCS Smart Hospital Management System 3.1 - Stored Cross-Site Scripting via Add Patient Form
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
by Kislay Kumar
CVSS 4.8
Alumni Management System 1.0 - Unrestricted File Upload To RCE
by Aakash Madaan
Alumni Management System 1.0 - 'Course Form' Stored XSS
by Aakash Madaan
FRITZ!Box 7490 Firmware < 7.21 - DNS Rebinding Protection Mechanism Bypass
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
by RedTeam Pentesting GmbH
CVSS 7.8
Victor CMS 1.0 - SQL Injection via c_id, p_id, u_id, and edit Parameters
Victor CMS 1.0 is vulnerable to SQL injection via the c_id parameter of admin_edit_comment.php, the p_id parameter of admin_edit_post.php, the u_id parameter of admin_edit_user.php, and the edit parameter of admin_update_categories.php.
by Furkan Göksel
CVSS 8.8
PHPJabbers Appointment Scheduler 2.3 - Cross-Site Scripting in Admin Login Page
Multiple cross-site scripting (XSS) vulnerabilities in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allow remote attackers to inject arbitrary web script or HTML.
by Andrea Intilangelo
CVSS 6.1
Online Tours & Travels Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
Medical Center Portal Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
Interview Management System 1.0 - Stored XSS in Add New Question
by Saeed Bala Ahmed
Interview Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
Customer Support System 1.0 - 'First Name' & 'Last Name' Stored XSS
by Saeed Bala Ahmed
nxlog < 3.0.2272 - Denial of Service via Crafted Syslog Payload
The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.)
by Guillaume PETIT
CVSS 7.5
Grav CMS 1.6.30 with Admin Plugin 1.9.18 - Authenticated Stored Cross-Site Scripting via Page Title Field
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the page is viewed in the admin panel or on the site.
by Sagar Banwa
CVSS 6.4
raysync < 3.3.3.8 - Unauthenticated Remote Code Execution via Path Traversal
An RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated, unauthorized attacker who sends a specifically crafted request to override a specific file on the server with malicious content can log in as "admin" and then modify a specific shell file to achieve remote code execution (RCE) on the hosting server.
by james
CVSS 8.8
Seotoaster 3.2.0 - Stored XSS on Edit page properties
by Hardik Solanki
PrestaShop ProductComments 4.2.0 - 'id_products' Time Based Blind SQL Injection
by Frederic ADAM
Task Management System 1.0 - 'page' Local File Inclusion
by İsmail BOZKURT