Exploitdb Exploits
50,076 exploits tracked across all sources.
Queue Management System 4.0.0 Stored XSS via Add User
Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which execute when viewing the User List page.
by Kislay Kumar
CVSS 6.4
Academy-LMS 4.3 - Stored Cross-Site Scripting in SEO Panel
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
by Vinicius Alves
CVSS 4.8
Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by Ramikan
CVSS 6.1
Xinuos OpenServer 5 and 6 - Reflected Cross-Site Scripting via Section Parameter
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
by Ramikan
CVSS 6.1
Xinuos OpenServer 5-6 - OS Command Injection via printbook cgi-bin Parameters
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
by Ramikan
CVSS 9.8
Online Marriage Registration System 1.0 - SQL Injection
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
by Raffaele Sabato
CVSS 8.8
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To Remote CSV Component
Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in To OLAP (XMLA) Component
Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts 2.7.17 - Stored Cross-Site Scripting in Remote Report Open Menu
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Flexmonster Pivot Table & Charts 2.7.17 - Cross-Site Scripting in Remote JSON Component
Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.
by Marco Nappi
CVSS 6.1
Xeroneit Library Management System 3.1 - XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded.
by Kislay Kumar
CVSS 6.4
SyncBreeze 10.0.28 - Denial of Service via Oversized Login Payload
SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to overwhelm the application and potentially disrupt service availability.
by Ahmed Elkhressy
CVSS 7.5
QDOCS Smart Hospital Management System 3.1 - Stored Cross-Site Scripting via Add Patient Form
A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Remarks, or Any Known Allergies field.
by Kislay Kumar
CVSS 4.8
Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read (Metasploit)
by SunCSR Team
Alumni Management System 1.0 - Unrestricted File Upload To RCE
by Aakash Madaan
Alumni Management System 1.0 - _Course Form_ Stored XSS
by Aakash Madaan
FRITZ!Box 7490 Firmware < 7.21 - DNS Rebinding Protection Mechanism Bypass
FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.
by RedTeam Pentesting GmbH
CVSS 7.8
Victor CMS 1.0 - SQL Injection via c_id, p_id, u_id, and edit Parameters
Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.
by Furkan Göksel
CVSS 8.8
PHPJabbers Appointment Scheduler 2.3 - Cross-Site Scripting in Admin Login Page
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
by Andrea Intilangelo
CVSS 6.1
Online Tours & Travels Management System 1.0 - _id_ SQL Injection
by Saeed Bala Ahmed
By Source