Text Exploits
31,386 exploits tracked across all sources.
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Matthew Aberegg
Online Shopping Alphaware 1.0 - Error Based SQL injection
by Moaaz Taha
Medical Center Portal Management System 1.0 - 'login' SQL Injection
by Aydın Baran Ertemir
Lepton-CMS 4.7.0 - Stored Cross-Site Scripting via Admin URL Field
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
by Sagar Banwa
CVSS 4.8
Joomla Component GMapFP <J3.5/J3.5free - Info Disclosure
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files due to unrestricted file upload issues, which can be bypassed by changing the content-type and changing the file name to double extensions.
by ThelastVvV
CVSS 7.5
WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject base64-encoded script payloads through the ftc_brand_url input field to execute arbitrary JavaScript when users visit the brand page.
by Ilca Lucian Florin
CVSS 6.4
WordPress Theme Accesspress Social Icons 1.7.9 - SQL injection (Authenticated)
by SunCSR
WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting
by Sun* Cyber Security Research Team
ElkarBackup 1.3.3 - 'Policy[name]' and 'Policy[Description]' Stored Cross-site Scripting
by Vyshnav nk
Best Support System v3.0.4 - Authenticated Stored Cross-Site Scripting
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
by Ex.Mi
CVSS 5.4
Wondershare Driver Install Service - Privilege Escalation
Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted path to replace the service binary with a malicious executable, enabling privilege escalation to LocalSystem account.
by Luis Sandoval
CVSS 7.8
WonderCMS 3.1.3 - Stored Cross-Site Scripting in Admin Panel Page Keywords
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords, and each time any user visits the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Mayur Parmar
CVSS 4.8
osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting
by Emre Aslan
OpenCart 3.0.3.6 - Stored Cross-Site Scripting in Mail Subject Field
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail, and each time any user opens that mail of the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
OpenCart 3.0.3.6 - Stored Cross-Site Scripting via Profile Image Upload
OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload malicious JavaScript code as a profile image. Whenever anyone views the profile picture, the code executes and the XSS triggers.
by Hemant Patidar
CVSS 4.8
nopCommerce Store 4.30 - Stored Cross-Site Scripting in Schedule Tasks Name Field
nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. This vulnerability can allow an attacker to inject the XSS payload in Schedule tasks, and each time any user goes to that page of the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
by Hemant Patidar
CVSS 4.8
Apache OpenMeetings 4.0.0-5.0.0 - Denial of Service via NetTest Web Service
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial of service attack.
by SunCSR
CVSS 7.5
Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated)
by maj0rmil4d
Liferay Portal 7.1.0-7.2.1 GA2 - Stored Cross-Site Scripting in User Account Name Fields
In Liferay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.
by 3ndG4me
CVSS 5.4
TP-Link TL-WA855RE V5 - Privilege Escalation
TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password.
by malwrforensics
CVSS 8.8