Page 28 of 35136 results (0.052 seconds)

CVSS: 4.8EPSS: 0%CPEs: -EXPL: 0

A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter. • https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Marriage%20Registration/Reflected%20Cross%20Site%20Scriptng%20o.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. • http://www.powertac.org https://github.com/powertac/powertac-server https://github.com/powertac/powertac-server/issues/1166 https://mvnrepository.com/artifact/org.powertac/server-interface • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. • https://github.com/4hsien/CVE-vulns/blob/main/D-Link/DIR-820L/CI_ping_addr/README.md https://legacy.us.dlink.com/pages/product.aspx?id=00c2150966b046b58ba95d8ae3a8f73d https://www.dlink.com/en https://www.dlink.com/en/security-bulletin • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. • https://github.com/Prabhatsk7/CVE/blob/main/CVE-2024-51213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. • https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •