Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4592
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
Sportspanel Sports Clubs Web Portal 0.0.1
2 EDB exploits
9.8
CVSSv3
CVE-2021-43693
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
Vestacp Vesta Control Panel 0.9.8-24
6.1
CVSSv3
CVE-2022-36303
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-36305
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-34025
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the post function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
6.1
CVSSv3
CVE-2022-36304
Vesta v1.0.0-5 exists to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.
Vestacp Vesta Control Panel 1.0.0-5
NA
CVE-2009-2569
Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote malicious users to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.
Verlihub-project Verlihub Control Panel 1.7e
1 EDB exploit
8.8
CVSSv3
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) up to and including 0.9.8-27 and myVesta up to and including 0.9.8-26-39 allows uploads from a different origin.
Myvestacp Myvesta
Vestacp Vesta Control Panel
NA
CVE-2008-2756
Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote malicious users to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third par...
Xigla Absolute Control Panel Xe 1.0
5.4
CVSSv3
CVE-2023-27225
A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.
User Registration \\& Login And User Management System With Admin Panel Project User Registration \\& Login And User Management System With Admin Panel 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »