Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-707
Total 77 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4353 1 Pb-cms Project 1 Pb-cms 2022-12-12 N/A 9.0 CRITICAL
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215113 was assigned to this vulnerability.
CVE-2022-4348 1 Ruoyi 1 Ruoyi-cloud 2022-12-09 N/A 6.1 MEDIUM
A vulnerability was found in y_project RuoYi-Cloud. It has been rated as problematic. Affected by this issue is some unknown functionality of the component JSON Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215108.
CVE-2022-4347 1 Beetl-bbs Project 1 Beetl-bbs 2022-12-09 N/A 5.4 MEDIUM
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file WebUtils.java. The manipulation of the argument user leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215107.
CVE-2022-4350 1 Mingsoft 1 Mcms 2022-12-09 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215112.
CVE-2020-36609 1 Duxcms Project 1 Duxcms 2022-12-09 N/A 5.4 MEDIUM
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.
CVE-2022-4282 1 Jrecms 1 Springbootcms 2022-12-06 N/A 7.2 HIGH
A vulnerability was found in SpringBootCMS and classified as critical. Affected by this issue is some unknown functionality of the component Template Management. The manipulation leads to injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214790 is the identifier assigned to this vulnerability.
CVE-2022-4257 1 Cdatatec 1 C-data Web Management System 2022-12-05 N/A 9.8 CRITICAL
A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.
CVE-2022-4251 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-05 N/A 5.4 MEDIUM
A vulnerability was found in Movie Ticket Booking System and classified as problematic. Affected by this issue is some unknown functionality of the file editBooking.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214628.
CVE-2022-4250 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-02 N/A 6.1 MEDIUM
A vulnerability has been found in Movie Ticket Booking System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file booking.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214627.
CVE-2022-4253 1 Canteen Management System Project 1 Canteen Management System 2022-12-02 N/A 5.4 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been declared as problematic. This vulnerability affects the function builtin_echo of the file customer.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-214630 is the identifier assigned to this vulnerability.
CVE-2022-4252 1 Canteen Management System Project 1 Canteen Management System 2022-12-02 N/A 6.1 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function builtin_echo of the file categories.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214629 was assigned to this vulnerability.
CVE-2022-4248 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-02 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, has been found in Movie Ticket Booking System. This issue affects some unknown processing of the file editBooking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214625 was assigned to this vulnerability.
CVE-2022-4247 1 Movie Ticket Booking System Project 1 Movie Ticket Booking System 2022-12-02 N/A 9.8 CRITICAL
A vulnerability classified as critical was found in Movie Ticket Booking System. This vulnerability affects unknown code of the file booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214624.
CVE-2022-4234 1 Canteen Management System Project 1 Canteen Management System 2022-12-02 N/A 6.1 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.
CVE-2022-4091 1 Canteen Management System Project 1 Canteen Management System 2022-11-30 N/A 6.1 MEDIUM
A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument product_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214359.
CVE-2022-3998 1 Scm Project 1 Scm 2022-11-22 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in MonikaBrzica scm. This affects an unknown part of the file uredi_korisnika.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213699.
CVE-2022-3997 1 Scm Project 1 Scm 2022-11-22 N/A 6.1 MEDIUM
A vulnerability, which was classified as critical, has been found in MonikaBrzica scm. Affected by this issue is some unknown functionality of the file upis_u_bazu.php. The manipulation of the argument email/lozinka/ime/id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-213698 is the identifier assigned to this vulnerability.
CVE-2022-4015 1 Sports Club Management System Project 1 Sports Club Management System 2022-11-18 N/A 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in Sports Club Management System 119. This affects an unknown part of the file admin/make_payments.php. The manipulation of the argument m_id/plan leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213789 was assigned to this vulnerability.
CVE-2022-3975 1 Nukeviet 1 Nukeviet 2022-11-18 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may be launched remotely. Upgrading to version 4.5 is able to address this issue. The name of the patch is 0b3197fad950bb3383e83039a8ee4c9509b3ce02. It is recommended to upgrade the affected component. VDB-213554 is the identifier assigned to this vulnerability.
CVE-2022-4011 1 Simple History Project 1 Simple History 2022-11-18 N/A 9.8 CRITICAL
A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability.