Advanced Vulnerability Search

An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.
Max Base Score: 6.5 | Published: 2023-11-16 | Updated: 2023-11-21 | EPSS: 0.08%

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.
Max Base Score: 5.4 | Published: 2023-11-15 | Updated: 2023-11-21 | EPSS: 0.04%

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component.
Max Base Score: 5.4 | Published: 2023-11-15 | Updated: 2023-11-21 | EPSS: 0.05%

A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html.
Max Base Score: 6.1 | Published: 2023-11-14 | Updated: 2023-11-20 | EPSS: 0.05%

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
Max Base Score: 8.8 | Published: 2023-11-15 | Updated: 2023-11-21 | EPSS: 0.11%

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
Max Base Score: 5.4 | Published: 2023-11-15 | Updated: 2023-11-21 | EPSS: 0.05%

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
Max Base Score: 5.4 | Published: 2023-11-15 | Updated: 2023-11-21 | EPSS: 0.05%

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
Max Base Score: 5.4 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete.
Max Base Score: 4.3 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add.
Max Base Score: 8.8 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.06%

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run.
Max Base Score: 8.8 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.06%

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update.
Max Base Score: 8.8 | Published: 2023-11-14 | Updated: 2023-11-18 | EPSS: 0.06%

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus.
Max Base Score: 8.8 | Published: 2023-11-14 | Updated: 2023-11-17 | EPSS: 0.06%

An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.
Max Base Score: 4.7 | Published: 2023-11-13 | Updated: 2023-11-20 | EPSS: 0.04%

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions.
Max Base Score: 7.1 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions.
Max Base Score: 7.1 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions.
Max Base Score: 7.1 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions.
Max Base Score: 7.1 | Published: 2023-11-13 | Updated: 2023-11-16 | EPSS: 0.05%

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions.
Max Base Score: 7.1 | Published: 2023-11-14 | Updated: 2023-11-17 | EPSS: 0.05%

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.
Max Base Score: 6.5 | Published: 2023-11-14 | Updated: 2023-11-17 | EPSS: 0.05%