Lucene search
+L

318 matches found

Prion
Prion
added 2023/01/29 7:15 p.m.13 views

Cross site scripting

A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 ...

5.8CVSS6.5AI score0.00523EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/08/23 12:0 a.m.5 views

notrinoserp 安全漏洞

notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A security vulnerability exists in versions of notrinoserp prior to 0.7, which stems from its failure to properly restrict rendered UI layers or frames...

6.4CVSS5.5AI score0.00615EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/08/21 12:0 a.m.6 views

notrinoserp 安全漏洞

notrinoserp is a web-based ERP by Phương Individual Developer, an accounting system written in PHP and MySql. A security vulnerability exists in versions prior to notrinosrp v0.7 that stems from exposing private personal information to unauthorized participants, which can result in elevated...

8.8CVSS7.8AI score0.01105EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/08/17 9:15 a.m.4 views

CVE-2022-2871

Cross-site Scripting XSS - Stored in GitHub repository notrinos/notrinoserp prior to 0.7...

5.4CVSS5.9AI score0.00531EPSS
Exploits1References3
OSV
OSV
added 2022/08/17 9:0 a.m.26 views

CVE-2022-2871 Cross-site Scripting (XSS) - Stored in notrinos/notrinoserp

Cross-site Scripting XSS - Stored in GitHub repository notrinos/notrinoserp prior to 0.7...

4.6CVSS4.8AI score0.00531EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/08/17 12:0 a.m.4 views

PT-2022-19185 · Unknown · Notrinoserp

Name of the Vulnerable Software and Affected Versions: NotrinosERP versions prior to 0.7 Description: The issue is related to stored Cross-site Scripting XSS in the NotrinosERP GitHub repository. A fix is available on the master branch of the repository. Recommendations: For versions prior to 0.7...

5.4CVSS4.5AI score0.00531EPSS
Exploits1References7
OSV
OSV
added 2022/06/17 9:51 p.m.2 views

GHSA-85Q9-7467-R53Q XSS Vulnerability in Markdown Editor

Impact InvenTree uses EasyMDE for displaying markdown text in various places e.g. for the various "notes" fields associated with various models. By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the use...

5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2022/05/30 12:0 a.m.6 views

WordPress plugin Quotes llama 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...

4.8CVSS5.4AI score0.0064EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/04/14 1:15 p.m.2 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

9.8CVSS7.5AI score0.02545EPSS
Exploits9References3
NVD
NVD
added 2022/04/14 1:15 p.m.37 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

9.8CVSS0.02277EPSS
Exploits0References2
OSV
OSV
added 2022/04/14 1:15 p.m.5 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

9.8CVSS6.3AI score0.02277EPSS
Exploits0References2
Prion
Prion
added 2022/04/14 1:15 p.m.23 views

Heap overflow

UNSUPPORTED WHEN ASSIGNED A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825,...

7.5CVSS9AI score0.02545EPSS
Exploits9References2Affected Software3
Cvelist
Cvelist
added 2022/04/14 12:4 p.m.29 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...

9.3AI score0.02277EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/14 10:15 p.m.7 views

CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled...

9.8CVSS7.2AI score0.01616EPSS
Exploits1References4
Huntr
Huntr
added 2021/12/13 3:10 a.m.40 views

in netristv/ws-scrcpy

Description read file From server Proof of Concept GET /../../../../../../../../../../../../etc/passwd HTTP/1.1 Host: xxxx Impact test on ws-scrcpy-0.7,this is The latest version...

5CVSS1.9AI score0.01227EPSS
Exploits1
NVD
NVD
added 2021/08/31 5:15 p.m.32 views

CVE-2021-21811

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

9.8CVSS0.01136EPSS
Exploits1References1
Prion
Prion
added 2021/08/31 5:15 p.m.17 views

Heap overflow

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...

7.5CVSS9.6AI score0.01136EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/31 4:56 p.m.67 views

CVE-2021-21811

CVE-2021-21811 is described across multiple connected documents as a memory corruption vulnerability in AT&T Labs’ Xmill 0.7, specifically in the XML-parsing CreateLabelOrAttrib functionality. The issue is a heap-based buffer overflow that can be triggered by a specially crafted XML file, potenti...

9.8CVSS9.5AI score0.01136EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/30 4:12 p.m.48 views

GHSA-FG47-3C2X-M2WR TimelockController vulnerability in OpenZeppelin Contracts

Impact A vulnerability in TimelockController allowed an actor with the executor role to take immediate control of the timelock, by resetting the delay to 0 and escalating privileges, thus gaining unrestricted access to assets held in the contract. Instances with the executor role set to "open"...

10CVSS5.9AI score0.0159EPSS
Exploits0References5
NVD
NVD
added 2021/08/20 10:15 p.m.64 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...

9.8CVSS0.01136EPSS
Exploits1References1
Rows per page
Query Builder