Exploitdb Exploits
50,121 exploits tracked across all sources.
Rocketsoft Rocket LMS 1.9 - XSS
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
by Sergio Medeiros
CVSS 4.8
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
by Miguel Redondo
CVSS 9.8
Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
by Ahmet Ümit BAYRAM
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
by Abdualhadi khalifa
CVSS 9.8
Chyrp - XSS
Chyrp 2.5.2 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into post titles. Attackers can craft payloads in the title field that will execute when the post is viewed by other users, potentially stealing session cookies or performing client-side attacks.
by Ahmet Ümit BAYRAM
CVSS 5.4
Pyrocms - XSS
PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect From' field to execute arbitrary JavaScript when administrators view the redirects page.
by tmrswrr
CVSS 5.4
CE Phoenix v3.0.1 - XSS
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page.
by tmrswrr
Prison Management System - SQL Injection Authentication Bypass
by Sanjay Singh
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
by Ahmet Ümit BAYRAM
Modcluster Mod Proxy Cluster - XSS
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
by Mohamed Mounir Boudjema
CVSS 5.4
iboss Secure Web Gateway - Stored Cross-Site Scripting (XSS)
by modrnProph3t
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
by LiquidWorm
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure
by LiquidWorm
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass
by LiquidWorm
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure
by LiquidWorm
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
by LiquidWorm
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass
by LiquidWorm
Flowise <1.6.2 - RCE
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
by Maerifat Majeed
CVSS 7.6
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
by Milad karimi
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
by Ahmet Ümit BAYRAM
Laravel Framework <11 - Info Disclosure
An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the access control appropriately for the type of data that may be logged.
by Huseein Amer