Text Exploits
31,386 exploits tracked across all sources.
Rumble Mail Server 0.51.3135 - Cross-Site Scripting via Username Parameter
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
by Mohammed Alshehri
CVSS 5.4
Rumble Mail Server 0.51.3135 - Cross-Site Scripting via Servername Parameter
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
by Mohammed Alshehri
CVSS 5.4
System Explorer 7.0.0 - Privilege Escalation
An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.
by Mohammed Alshehri
CVSS 7.8
Rumble Mail Server <0.51.3135 - XSS
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
by Mohammed Alshehri
CVSS 5.4
SeaCMS 11.1 - Stored Cross-Site Scripting via Checkuser Parameter
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded.
by j5s
CVSS 6.1
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
by KeopssGroup0day_Inc
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
by Wadeek
Jenkins < 2.251 and LTS < 2.235.3 - Stored Cross-Site Scripting via Remote Build Trigger
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission or knowledge of the Authentication Token.
by gx1
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - Stored Cross-Site Scripting in DB Access Plugin
Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XSS.
by j5s
CVSS 5.4
Ignite Realtime Openfire 4.6.0 - XSS
Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID Stored XSS.
by j5s
CVSS 5.4
Courier Management System 1.0 - SQL Injection via MULTIPART street Parameter
Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.
by Zhaiyi
CVSS 6.5
Courier Management System 1.0 - Stored Cross-Site Scripting via First Name Field
Courier Management System 1.0 - 'First Name' Stored XSS
by Zhaiyi
CVSS 5.4
Courier Management System 1.0 - SQL Injection via ref_no Parameter
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php
by Zhaiyi
CVSS 6.5
Supply Chain Management System - Auth Bypass SQL Injection
by Piyush Malviya
Medical Center Portal Management System 1.0 - Multiple Stored XSS
by Saeed Bala Ahmed
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting via Help Icon Tooltip
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability.
by gx1
CVSS 5.4
Jenkins < 2.235.3 and < 2.251 - Stored Cross-Site Scripting in Project Naming Strategy Description
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permission.
by gx1
CVSS 5.4
PDF Complete <3.5.310.2002 - Code Injection
PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges.
by Zaira Alquicira
CVSS 7.8
Openfire < 4.6.0 - Stored Cross-Site Scripting via NodeJS Plugin Path Parameter
Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing the nodejs configuration page.
by j5s
CVSS 6.4
EGavilan Barcodes generator 1.0 - Stored Cross-Site Scripting via index.php
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.
by Nikhil Kumar
CVSS 6.1
OpenCart 3.0.3.6 - Cross-Site Request Forgery in Cart Option
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.
by Mahendra Purbia
CVSS 3.5
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
by Ilca Lucian Florin
By Source