| CVE-2024-34061 |
changedetection.io Cross-site Scripting vulnerability version <=v0.45.21 |
4.3 |
https://github.com/advisories/GHSA-pwgc-w4x9-gw67 |
|
| CVE-2021-46253 |
XSS v.0.12.7 store in archor cms |
5.4 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46253 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46253 |
| CVE-2021-46458 |
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. |
7.5 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46458 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46458 |
| CVE-2021-46459 |
Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. |
7.5 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46459 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46459 |
| CVE-2021-46253 |
Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. |
7.5 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24226 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24226 |
| CVE-2022-24227 |
A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. |
6.1 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 |
| CVE-2022-24585 |
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24585 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24585 |
| CVE-2022-24586 |
A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24586 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24586 |
| CVE-2022-24587 |
A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24587 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24587 |
| CVE-2022-24588 |
Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24588 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24588 |
| CVE-2022-24589 |
Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24589 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24589 |
| CVE-2022-24590 |
A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24590 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24590 |