Page 12 of 8781 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: -EXPL: 0

This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks. • https://access.redhat.com/security/cve/CVE-2024-11079 https://bugzilla.redhat.com/show_bug.cgi?id=2325171 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/UnrealdDei/cve/blob/main/xss.md https://vuldb.com/?ctiid.283873 https://vuldb.com/?id.283873 https://vuldb.com/?submit.441187 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 1

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/sanluan/PublicCMS/issues/IB1Q5J https://vuldb.com/?ctiid.283853 https://vuldb.com/?id.283853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8214-64fa2-2.html https://www.twcert.org.tw/tw/cp-132-8213-3413b-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-8212-a7d3a-2.html https://www.twcert.org.tw/tw/cp-132-8211-a2da2-1.html • CWE-434: Unrestricted Upload of File with Dangerous Type •