Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-114568 EXPLOITDB text
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
by Shwetabh Vishnoi
EIP-2026-109485 EXPLOITDB text
MiniCMS 1.10 - 'content box' Stored XSS
by yudp
CVE-2020-28976 EXPLOITDB MEDIUM text
WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via detail.php
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal or external server via /includes/lib/detail.php?subdomain=SSRF.
by Pankaj Verma
CVSS 5.3
CVE-2020-36924 EXPLOITDB MEDIUM text
Sony BRAVIA Digital Signage 1.7.8 - RCE
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
by LiquidWorm
CVSS 6.1
CVE-2020-36922 EXPLOITDB HIGH text
Sony BRAVIA Digital Signage <1.7.8 - Info Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
by LiquidWorm
CVSS 7.5
CVE-2020-35275 EXPLOITDB MEDIUM text
Coastercms v5.8.18 - Cross-Site Scripting
Coastercms v5.8.18 is affected by cross-site scripting (XSS). A user can steal a cookie and redirect the user to any malicious website because it is triggered on the main home page of the product/application.
by Hardik Solanki
CVSS 5.4
CVE-2020-26766 EXPLOITDB HIGH text
PHPGurukul User Registration & Login and User Management System Wit...
A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1.
by Dipak Panchal
CVSS 8.8
CVE-2020-29474 EXPLOITDB CRITICAL text
EGavilan Media EGM Address Book 1.0 - SQL Injection
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
EIP-2026-104343 EXPLOITDB text
mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
by Sagar Banwa
CVE-2020-29477 EXPLOITDB MEDIUM text
Invision Community 4.5.4 - Stored Cross-Site Scripting in Field Name
Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vulnerability can allow an attacker to inject the XSS payload in Field Name; each time any user opens it, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
CVE-2020-37236 EXPLOITDB MEDIUM text
NewsLister Authenticated Persistent Cross-Site Scripting via Admin Panel
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that execute when news items are viewed by other users.
by Emre Aslan
CVSS 6.4
CVE-2020-36974 EXPLOITDB HIGH text
Realtek Andrea RT Filters 1.0.64.7 - Code Injection
Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would execute during service startup or system reboot.
by Manuel Alvarez
CVSS 7.8
CVE-2020-36945 EXPLOITDB HIGH text
WebDamn User Registration Login System - SQL Injection
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '<email>' OR '1'='1' in both username and password fields to gain unauthorized access to the user panel.
by Aakash Madaan
CVSS 8.2
CVE-2020-36944 EXPLOITDB MEDIUM text
ILIAS Learning Management System <4.3 - SSRF
ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.
by Dot
CVSS 4.0
CVE-2020-36943 EXPLOITDB HIGH text
asc Timetables 2021.6.2 - Denial of Service via Subject Title Field Overflow
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and potential crash.
by Ismael Nava
CVSS 7.5
CVE-2020-35427 EXPLOITDB CRITICAL text
PHPGurukul Employee Record Management System 1.1 - SQL Injection
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
by Anurag Kumar
CVSS 9.8
CVE-2020-35395 EXPLOITDB MEDIUM text
EGavilan Media Expense Management System 1.0 - Stored Cross-Site Scripting via Description Field
XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field.
by Nikhil Kumar
CVSS 6.1
CVE-2020-35309 EXPLOITDB MEDIUM text
Bakeshop Online Ordering System 1.0 - Stored Cross-Site Scripting in Admin Dashboard Categories
Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories".
by Parshwa Bhavsar
CVSS 4.8
CVE-2020-35274 EXPLOITDB MEDIUM text
dotcms 20.11 - Stored Cross-Site Scripting in Admin Panel Template Addition
DotCMS Add Template with admin panel 20.11 is affected by cross-site scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and steal cookies using XSS.
by Hardik Solanki
CVSS 4.8
CVE-2020-35273 EXPLOITDB HIGH text
EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Cross-Site Request Forgery in User Profile Panel
EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user's account.
by Hardik Solanki
CVSS 8.0
CVE-2020-35270 EXPLOITDB CRITICAL text
Student Result Management System - SQL Injection
Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker is able to access the Admin Panel and manage every account of Result.
by Ritesh Gohil
CVSS 9.1
CVE-2020-35252 EXPLOITDB MEDIUM text
User Registration & Login System with Admin Panel 1.0 - Cross-Site Scripting via Full Name Parameter
Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0.
by Soushikta Chowdhury
CVSS 6.1
CVE-2020-29472 EXPLOITDB CRITICAL text
EGavilan Media Under Construction page with cPanel 1.0 - SQL Injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
by Mayur Parmar
CVSS 9.8
CVE-2020-29239 EXPLOITDB MEDIUM text
Online Birth Certificate System Project V 1.0 - XSS
Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker is able to steal the cookie according to the crafted payload.
by Sagar Banwa
CVSS 6.1
CVE-2020-14073 EXPLOITDB MEDIUM text
PRTG Network Monitor 20.1.56.1574 - Authenticated Stored Cross-Site Scripting via Map Designer Properties
XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. This can be exploited against any user with View Maps or Edit Maps access.
by Amin Rawah
CVSS 5.4