| CVE | Vendors | Products | Updated | CVSS v3.1 |
| WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. |
| WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. |
| Fulusso v1.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability in /BindAccount/SuccessTips.js. This vulnerability allows attackers to inject malicious code into a victim user's device via open redirection. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php. |
| HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php. |
| Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php. |
| EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement. |
| mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir. |
| An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). |
| BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. |
| The Hyland OnBase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. |
| Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. |
| DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. |