Skip to content

Nguyen-Trung-Kien/CVE

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE

CVE Update

CVE ID Description CVSS 3.0 CVE MITRE NVD
CVE-2021-46253 XSS v.0.12.7 store in archor cms 5.4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46253 https://nvd.nist.gov/vuln/detail/CVE-2021-46253
CVE-2021-46458 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the post_title parameter. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46458 https://nvd.nist.gov/vuln/detail/CVE-2021-46458
CVE-2021-46459 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request via the user_name, user_firstname,user_lastname, or user_email parameters. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46459 https://nvd.nist.gov/vuln/detail/CVE-2021-46459
CVE-2021-46253 Hospital Management System v4.0 was discovered to contain a blind SQL injection vulnerability via the register function in func2.php. 7.5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24226 https://nvd.nist.gov/vuln/detail/CVE-2022-24226
CVE-2022-24227 A cross-site scripting (XSS) vulnerability in BoltWire v7.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters. 6.1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24227
CVE-2022-24585 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24585 https://nvd.nist.gov/vuln/detail/CVE-2022-24585
CVE-2022-24586 A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24586 https://nvd.nist.gov/vuln/detail/CVE-2022-24586
CVE-2022-24587 A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24587 https://nvd.nist.gov/vuln/detail/CVE-2022-24587
CVE-2022-24588 Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability in the Upload SVG File function. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24588 https://nvd.nist.gov/vuln/detail/CVE-2022-24588
CVE-2022-24589 Burden v3.0 was discovered to contain a stored cross-site scripting (XSS) in the Add Category function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the task parameter. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24589 https://nvd.nist.gov/vuln/detail/CVE-2022-24589
CVE-2022-24590 A stored cross-site scripting (XSS) vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24590 https://nvd.nist.gov/vuln/detail/CVE-2022-24590

About

CVE Update

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published