ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
5.4CVSS
0.001EPSS
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
7.6CVSS
5.3AI Score
0.001EPSS
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
7.6CVSS
5.5AI Score
0.001EPSS
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
7.6CVSS
3.7AI Score
0.001EPSS
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
5.4CVSS
5.3AI Score
0.001EPSS
CVE-2022-39285 Stored Cross-Site Scripting Vulnerability In File Parameter in zoneminder
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
7.6CVSS
7.4AI Score
0.001EPSS
ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views...
7.6CVSS
5.5AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.3AI Score
0.001EPSS
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...
6.7AI Score
0.002EPSS
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300,...
6.9AI Score
0.002EPSS
Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted...
7.2AI Score
0.003EPSS
Stack-based buffer overflow in the HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches allows remote attackers to execute arbitrary code via a long...
8.3AI Score
0.004EPSS
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, S7800, and S8500 switches does not check whether HTTP data is longer than the value of the Content-Length field, which allows.....
8.1AI Score
0.003EPSS
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...
6.8AI Score
0.003EPSS
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security...
6.1AI Score
0.001EPSS
The firewall module on the Huawei Quidway Service Process Unit (SPU) board S7700, S9300, and S9700 on Huawei Campus Switch devices allows remote authenticated users to obtain sensitive information from the high-priority security zone by leveraging access to the low-priority security...
5.9AI Score
0.001EPSS
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than...
6.2AI Score
0.172EPSS
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than...
6.1AI Score
0.172EPSS
td-sd.ru Cross Site Scripting vulnerability OBB-2937465
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.2AI Score
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this 👇🏻 mermaid.....
9.8CVSS
6.9AI Score
0.002EPSS
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Impact This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this 👇🏻 mermaid.....
9.8CVSS
9.3AI Score
0.002EPSS
7.2CVSS
0.9AI Score
0.137EPSS
Cisco ASA-X With FirePOWER Services Authenticated Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual.....
7.2CVSS
0.3AI Score
0.137EPSS
Debian DLA-3099-1 : qemu - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3099 advisory. sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations. A guest OS user can...
8.8CVSS
8.8AI Score
0.003EPSS
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + (function () { // Put Javascript code here return '' }()) + The block below shows a valid mermaid code block md ```mermaid.....
7.8CVSS
1.3AI Score
0.0005EPSS
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Impact Arbitary javascript injection Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs + (function () { // Put Javascript code here return '' }()) + The block below shows a valid mermaid code block md ```mermaid.....
7.8CVSS
7.6AI Score
0.0005EPSS
Vehicle Service Management System 1.0 - Cross Site Scripting
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
ehicle Service Management System 1.0 - Cross-Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
Vehicle Service Management System 1.0 - Stored Cross Site Scripting
Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login...
4.8CVSS
4.9AI Score
0.001EPSS
PHPGurukul Hospital Management System - Cross-Site Scripting
PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
6.1CVSS
6.3AI Score
0.003EPSS
Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit
XDR-LabSetup.sh Description This program is used in...
7.8CVSS
8.3AI Score
0.012EPSS
Summary OpenSSL vulnerabilities were disclosed on January 28, 2016 by the OpenSSL Project. OpenSSL is used by IBM Cisco MDS Directors and Switches. IBM Cisco MDS Directors and Switches has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0701 DESCRIPTION: OpenSSL could allow a.....
5.9CVSS
6.3AI Score
0.119EPSS
Summary GNU C library (glibc) vulnerability that has been referred to as GHOST affects BM/Cisco Switches and Directors Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library (glibc) are vulnerable to a buffer overflow. By sending a specially...
8.3AI Score
0.975EPSS
Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in IBM/Cisco switches and directors. Vulnerability Details CVE-ID: CVE-2014-3566 DESCRIPTION: Product could allow a remote attacker to obtain...
3.4CVSS
4.1AI Score
0.975EPSS
Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as “Bash Bug” or “Shellshock” and two memory corruption vulnerabilities. Bash is used by IBM/Cisco switches and directors. Vulnerability Details CVE-ID:...
9.8CVSS
9.5AI Score
0.976EPSS
Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by IBM Cisco MDS Directors and switches. IBM Cisco MDS Directors and switches has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-3193 DESCRIPTION: OpenSSL could allow a.....
7.5CVSS
7.2AI Score
0.944EPSS
Cisco ASA-X with FirePOWER Services Authenticated Command Injection
This module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA's ASDM web server and lands in the FirePower Services SFR module's Linux virtual machine as the root user. Access to the virtual machine...
7.2CVSS
0.3AI Score
0.137EPSS
Microweber < 1.2.12 - Stored Cross-Site Scripting
Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit...
5.4CVSS
5.3AI Score
0.001EPSS
Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions
Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices...
8.1CVSS
3.3AI Score
0.137EPSS
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and “non-security” issues affecting Cisco Adaptive Security Software (ASA), Adaptive Security Device Manager (ASDM), and FirePOWER Services Software for ASA. Rapid7 initially reported the issues to Cisco in separate disclosures in February and March 2022. Rapid7...
8.1CVSS
1.7AI Score
0.137EPSS
WordPress EasyCart <2.0.6 - Information Disclosure
WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo...
6AI Score
0.028EPSS
The Bug Report – July 2022 Edition
The Bug Report – July 2022 Edition By Trellix · August 3, 2022 This story was also written by Kasimir Schulz and Jesse Chick Your Cybersecurity Comic Relief Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at...
8.5AI Score
0.013EPSS
The Bug Report – July 2022 Edition
The Bug Report – July 2022 Edition By Trellix · August 3, 2022 This story was also written by Kasimir Schulz and Jesse Chick Your Cybersecurity Comic Relief Why am I here? Welcome to the Bug Report, Heat Wave Edition! In the face of chronic irritability and soggy-pants syndrome, we are back at...
9.7AI Score
0.013EPSS
Carel pCOWeb <B1.2.4 - Cross-Site Scripting
Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html "System contact"...
5.4CVSS
5.3AI Score
0.17EPSS
td-grafik.de Cross Site Scripting vulnerability OBB-2799473
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Cisco Unified Communications Manager IM & Presence XSS (cisco-sa-cucm-xss-ksKd5yfA)
The version of Cisco Unified Communications Manager IM & Presence Service installed on the remote host is 11.5(1) prior to 11.5(1)SU11, 12.5(1) prior to 12.5(1)SU6 or 14 prior to 14SU2. It is, therefore affect by a cross-site scripting vulnerability (XSS) in the web-based management interface. An.....
6.1CVSS
0.8AI Score
0.001EPSS
Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-ksKd5yfA)
The version of Cisco Unified Communications Manager installed on the remote host is version 14 prior to 14SU2. It is, therefore affect by a cross-site scripting vulnerability (XSS) in the web-based management interface. An unauthenticated remote attacker can, with the action of an authorized user,....
6.1CVSS
1AI Score
0.001EPSS
Cisco Unified Communications Manager Improper Access Control (cisco-sa-ucm-access-dMKvV2DY)
The version of Cisco Unified Communications Manager installed on the remote host is 14.x prior to 14SU2. It is, therefore, affected by an improper access control vulnerability. An authenticated attacker with read-only privileges can exploit this vulnerability to perform a set of administrative...
8.8CVSS
8.6AI Score
0.001EPSS