Comment System Security Vulnerabilities

CVE-2023-2922

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-05-27 08:15 AM

CVE-2014-5346

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) activate or (2) deactivate the plugin via the active parameter to...

7.5 AI Score

0.001 EPSS

2022-10-03 04:20 PM

CVE-2014-5345

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step...

6 AI Score

0.002 EPSS

2022-10-03 04:20 PM

CVE-2020-35598

ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as...

7.5 CVSS

7.4 AI Score

0.158 EPSS

2020-12-23 07:15 PM

CVE-2018-18845

internal/advanced_comment_system/index.php and internal/advanced_comment_system/admin.php in Advanced Comment System, version 1.0, contain a reflected cross-site scripting vulnerability via ACS_path. A remote unauthenticated attacker could potentially exploit this vulnerability to supply malicious....

6.1 CVSS

6 AI Score

0.004 EPSS

2019-03-21 04:00 PM

CVE-2018-18619

internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to execute the sqli attack via a URL in the "page"...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2018-11-29 10:29 PM

CVE-2014-5347

Multiple cross-site request forgery (CSRF) vulnerabilities in the Disqus Comment System plugin before 2.76 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) disqus_replace, (2)...

6.8 AI Score

0.004 EPSS

2014-08-19 07:55 PM

CVE-2009-4623

Multiple PHP remote file inclusion vulnerabilities in Advanced Comment System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the ACS_path parameter to (1) index.php and (2) admin.php in advanced_comment_system/. NOTE: this might only be a vulnerability when the administrator....

7.8 AI Score

0.158 EPSS

2010-01-18 08:30 PM