CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.
The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
2023-01-24
N/A
9.8 CRITICAL
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.
A vulnerability was found in saemorris TheRadSystem. It has been classified as problematic. Affected is an unknown function of the file users.php. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. VDB-218454 is the identifier assigned to this vulnerability.
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/page-login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218426 is the identifier assigned to this vulnerability.
Adminbundle, Customer_management_framework, Data-hub, Perspective_editor, Admin_classic_bundle, Core, Customer-data-framework, Customer_data_framework
2023-01-24
N/A
5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14.
Cr1000, Cr1000_firmware, Cr300, Cr3000, Cr3000_firmware, Cr300_firmware, Cr6, Cr6_firmware, Cr800, Cr800_firmware
2023-02-06
N/A
9.1 CRITICAL
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned datalogges have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
Path Traversal: '..filename' in GitHub repository froxlor/froxlor prior to 2.0.0.
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10.