20 matches found
DOM-based XSS com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer Dependency in Bamboo Data Center and Server
This High severity DOM-based XSS vulnerability known as CVE-2025-66021 was introduced in versions 10.2.9, 11.0.7, 12.0.1, and 12.1.0 of Bamboo Data Center and Server. This DOM-based XSS vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of...
EUVD-2023-53525
Malicious code in bioql PyPI...
CVE-2023-49575
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...
CVE-2023-49574
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
CVE-2023-49573
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...
CVE-2023-49573
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...
CVE-2023-49572
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...
CVE-2023-49575 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...
CVE-2023-49575
CVE-2023-49575 affects VX Search Enterprise (v10.2.14) and related Flexense products (Sync Breeze Enterprise Server 10.4.18, Disk Pulse Enterprise 10.4.18). A persistent XSS vulnerability exists via the /setup_smtp API endpoints, specifically in smtp_server, smtp_user, smtp_password, and smtp_ema...
CVE-2023-49574 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addjob in jobname. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...
CVE-2023-49573 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...
CVE-2023-49573
VX Search Enterprise 10.2.14 is affected by a persistent XSS in the API endpoint exposed via the /add_command_action (action_value) field. The issue allows storing malicious JavaScript payloads that execute when the page loads. The connected PT-2024-13752 entry corroborates an XSS via the /add co...
CVE-2023-49572
CVE-2023-49572 corresponds to a persistent XSS vulnerability in VX Search Enterprise (v10.2.14) and Disk Pulse Enterprise (v10.4.18) exploitable via /setup_odbc parameters odbc_data_source, odbc_user and odbc_password. The issue allows an attacker to store and trigger malicious JavaScript payload...
CVE-2023-49572 XSS vulnerability in VX Search Enterprise
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...
Flexense VX Search 跨站脚本漏洞
Flexense VX Search is a rule-based automated file search solution from Flexense, Inc. Allows users to search for files based on file type, category, filename, size, location, extension, regular expressions, text and binary patterns, creation, modification and last access dates, EXIF tags, etc.,...
Flexense VX Search 跨站脚本漏洞
Flexense VX Search is a rule-based automated file search solution from Flexense, Inc. Allows users to search for files based on file type, category, filename, size, location, extension, regular expressions, text and binary patterns, creation, modification and last access dates, EXIF tags, etc.,...
Flexense VX Search 跨站脚本漏洞
Flexense VX Search is a rule-based automated file search solution from Flexense, Inc. Allows users to search for files based on file type, category, filename, size, location, extension, regular expressions, text and binary patterns, creation, modification and last access dates, EXIF tags, etc.,...
PT-2024-13753 · Unknown · Vx Search Enterprise
Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/add job" API endpoint in the job name variable. This could allow an attacker to store...
PT-2024-13754 · Unknown · Vx Search Enterprise
Name of the Vulnerable Software and Affected Versions: VX Search Enterprise version 10.2.14 Description: A vulnerability has been discovered that could allow an attacker to execute persistent XSS through the "/setup smtp" API endpoint in the smtp server, smtp user, smtp password, and smtp email...
VX Search 10.2.14 - command_nameuffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python print " VX Search Enterprise v10.2.14 Buffer Overflow SEH \n" Exploit Title : VX Search Enterprise v10.2.14 Buffer Overflow SEH Discovery by : W01fier00t Twitter : @wolfieroot Discovery Date : 22/11/2017 Software Link :...