8.5
CVE-2020-37037 - AVAST SecureLine 5.5.522.0 - 'SecureLine' Unquoted Service Path
Avast SecureLine 5.5.522.0 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem account p…
5.1
CVE-2023-54343 - QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter
QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to …
5.1
CVE-2022-50952 - Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
5.1
CVE-2022-50951 - WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation
WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected…
7.1
CVE-2022-50950 - Webile 1.0.1 Directory Traversal Vulnerability via Web Application
Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
7.1
CVE-2021-47921 - Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request
Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorize…
4.8
CVE-2022-50942 - Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking…
5.1
CVE-2022-50941 - BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout
BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, p…
5.1
CVE-2022-50940 - Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter
Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially lead…
5.1
CVE-2022-50797 - Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings
Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and appli…