#ExploitObserverAlert
CVE-2018-7274
DESCRIPTION: Exploit Observer has 12 entries in 4 file formats related to CVE-2018-7274. Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name).
FIRST-EPSS: 0.000590000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8612864
#ExploitObserverAlert
CVE-2023-4973
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2023-4973. A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
FIRST-EPSS: 0.002350000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9609252
#ExploitObserverAlert
CVE-2023-50386
DESCRIPTION: Exploit Observer has 20 entries in 6 file formats related to CVE-2023-50386. Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.
FIRST-EPSS: 0.872420000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.9796416
#ExploitObserverAlert
CVE-2024-24786
DESCRIPTION: Exploit Observer has 504 entries in 33 file formats related to CVE-2024-24786. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.9738394
#ExploitObserverAlert
CVE-2016-9187
DESCRIPTION: Exploit Observer has 19 entries in 3 file formats related to CVE-2016-9187. Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
FIRST-EPSS: 0.004130000
NVD-IS: 5.9
NVD-ES: 2.8
ARPS-PRIORITY: 0.8724231
#ExploitObserverAlert
CVE-2019-10169
DESCRIPTION: Exploit Observer has 8 entries in 3 file formats related to CVE-2019-10169. A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running application.
FIRST-EPSS: 0.000880000
NVD-IS: 5.9
NVD-ES: 1.2
ARPS-PRIORITY: 0.7710746
#ExploitObserverAlert
CVE-2024-21511
DESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2024-21511. Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.757628
#ExploitObserverAlert
CVE-2020-29470
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-29470. OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulnerability can allow an attacker to inject the XSS payload in the Subject field of the mail, and each time any user opens that mail on the website, the XSS triggers and the attacker is able to steal the cookie according to the crafted payload.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8643997
#ExploitObserverAlert
CVE-2017-2641
DESCRIPTION: Exploit Observer has 13 entries in 4 file formats related to CVE-2017-2641. In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
FIRST-EPSS: 0.004730000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.861688
#ExploitObserverAlert
CVE-2023-2948
DESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to CVE-2023-2948. Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
FIRST-EPSS: 0.002630000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9778651
#ExploitObserverAlert
CVE-2023-2949
DESCRIPTION: Exploit Observer has 10 entries in 5 file formats related to CVE-2023-2949. Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
FIRST-EPSS: 0.002630000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.9530915
#ExploitObserverAlert
CVE-2019-6340
DESCRIPTION: Exploit Observer has 160 entries in 16 file formats related to CVE-2019-6340. Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
FIRST-EPSS: 0.974820000
NVD-IS: 5.9
NVD-ES: 2.2
ARPS-PRIORITY: 0.9540601
#ExploitObserverAlert
CVE-2019-9553
DESCRIPTION: Exploit Observer has 28 entries in 5 file formats related to CVE-2019-9553. Bolt 3.6.4 has XSS via the slug, teaser, or title parameter to editcontent/pages, a related issue to CVE-2017-11128 and CVE-2018-19933.
FIRST-EPSS: 0.002070000
NVD-IS: 2.7
NVD-ES: 2.8
ARPS-PRIORITY: 0.8516465
#ExploitObserverAlert
CVE-2024-28253
DESCRIPTION: Exploit Observer has 7 entries in 3 file formats related to CVE-2024-28253. OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FIRST-EPSS: 0.000440000
ARPS-PRIORITY: 0.7718071
#ExploitObserverAlert
CVE-2020-29471
DESCRIPTION: Exploit Observer has 8 entries in 4 file formats related to CVE-2020-29471. OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload a profile image as a malicious code using JavaScript. Whenever anyone will see the profile picture, the code will execute and XSS will trigger.
FIRST-EPSS: 0.000910000
NVD-IS: 2.7
NVD-ES: 1.7
ARPS-PRIORITY: 0.8643997
#ExploitObserverAlert
CVE-2016-10034
DESCRIPTION: Exploit Observer has 294 entries in 19 file formats related to CVE-2016-10034. The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
FIRST-EPSS: 0.964080000
NVD-IS: 5.9
NVD-ES: 3.9
ARPS-PRIORITY: 0.9680715
#ExploitObserverAlert
CVE-2017-11128
DESCRIPTION: Exploit Observer has 28 entries in 5 file formats related to CVE-2017-11128. Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
FIRST-EPSS: 0.000570000
NVD-IS: 2.7
NVD-ES: 2.3
ARPS-PRIORITY: 0.8516465
#ExploitObserverAlert
CVE-2017-15806
DESCRIPTION: Exploit Observer has 11 entries in 4 file formats related to CVE-2017-15806. The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
FIRST-EPSS: 0.145860000
NVD-IS: 5.9
NVD-ES: 2.2
ARPS-PRIORITY: 0.8695922
#ExploitObserverAlert
CVE-2023-5824
DESCRIPTION: Exploit Observer has 92 entries in 5 file formats related to CVE-2023-5824. Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
FIRST-EPSS: 0.009670000
NVD-IS: 3.6
NVD-ES: 3.9
ARPS-PRIORITY: 0.7689626
#ExploitObserverAlert
CVE-2023-4622
DESCRIPTION: Exploit Observer has 186 entries in 6 file formats related to CVE-2023-4622. A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.
FIRST-EPSS: 0.000420000
NVD-IS: 5.9
NVD-ES: 1.0
ARPS-PRIORITY: 0.9517538
#ExploitObserverAlert
CVE-2024-3515
DESCRIPTION: Exploit Observer has 18 entries in 5 file formats related to CVE-2024-3515. Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
FIRST-EPSS: 0.000450000
ARPS-PRIORITY: 0.7748272