
36 matches found

RedhatCVE
added 2025/06/08 1:19 p.m., 13 views

CVE-2025-30627

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in regolithsjk Elegant Visitor Counter elegant-visitor-counter allows Stored XSS. This issue affects Elegant Visitor Counter: from n/a through = 3.1...

CVSS 5.9 | AI score 5.9 | EPSS 0.00225
Exploits 0 | References 1

NVD
added 2025/06/06 1:15 p.m., 4 views

CVE-2025-30627

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in regolithsjk Elegant Visitor Counter elegant-visitor-counter allows Stored XSS. This issue affects Elegant Visitor Counter: from n/a through = 3.1...

CVSS 5.9 | EPSS 0.00225
Exploits 0 | References 1

CVE
added 2025/06/06 12:54 p.m., 46 views

CVE-2025-30627

CVE-2025-30627 describes a Stored XSS in Elegant Visitor Counter (WordPress plugin) due to improper input neutralization during web page generation. Affected software: Elegant Visitor Counter up to version 3.1. Root cause: inadequate sanitization of input leading to script injection in pages gene...

CVSS 5.9 | AI score 5.9 | EPSS 0.00225
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 4:15 a.m., 8 views

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

CVSS 9 | AI score 6.8 | EPSS 0.01972
Exploits 3 | References 1

Circl
added 2023/04/25 12:19 a.m., 8 views

CVE-2023-30627

creationtimestamp | type | source
---|---|---
2023-04-25 00:19:33+00:00 | seen | https://t.me/cibsecurity/62768
2023-04-25 00:19:37+00:00 | seen | https://t.me/cibsecurity/62771
...

CVSS 9 | AI score 6.4 | EPSS 0.01281
Exploits 1 | References 2

NVD
added 2023/04/24 9:15 p.m., 23 views

CVE-2023-30627

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

CVSS 9 | AI score 8.2 | EPSS 0.01281
Exploits 1 | References 4

Prion
added 2023/04/24 9:15 p.m., 18 views

Directory traversal

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVSS 5.5 | AI score 6.7 | EPSS 0.01972
Exploits 3 | References 6 | Affected Software 1

Vulnrichment
added 2023/04/24 8:07 p.m., 5 views

CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

CVSS 9 | AI score 8.5 | EPSS 0.01281
Exploits 1 | References 4

CVE
added 2023/04/24 8:07 p.m., 53 views

CVE-2023-30627

Summary: CVE-2023-30627 is a stored XSS in jellyfin-web (device.js) affecting Jellyfin web client versions 10.1.0 up to, but not including, 10.8.10. Exploitation lets an attacker covertly call REST endpoints with admin privileges, and when chained with CVE-2023-30626 this can lead to remote code ...

CVSS 9 | AI score 6.7 | EPSS 0.01281
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2023/04/24 8:07 p.m., 29 views

CVE-2023-30627 jellyfin-web has a stored cross-site scripting vulnerability in devices.js

jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the REST endpoints with admin privileges. When combined with...

CVSS 9 | AI score 8.9 | EPSS 0.01281
Exploits 1 | References 4

CVE
added 2022/07/18 12:57 p.m., 57 views

CVE-2022-30627

CVE-2022-30627 affects all company products that include FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b20200706. The vulnerability allows extracting existing user passwords from the OS via the FW. The root cause is describe...

CVSS 7.5 | AI score 6.3 | EPSS 0.00256
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2022/05/09 12:00 a.m., 36 views

Google Chrome Security Update (stable-channel-update-for-desktop-2021-09) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 9.6 | AI score 7.9 | EPSS 0.64546
Exploits 4 | References 3

OPENSUSE Linux
added 2022/03/03 12:00 a.m., 90 views

Security update for nodejs-electron (important)

openSUSE Security Update: Security update for nodejs-electron Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981...

CVSS 9.6 | AI score 6.9 | EPSS 0.64546
Exploits 7

OpenVAS
added 2022/01/30 12:00 a.m., 33 views

Fedora: Security Advisory for qt5-qtwebengine (FEDORA-2022-ecdf338eb1)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.6 | AI score 7.9 | EPSS 0.36238
Exploits 7 | References 4

OpenVAS
added 2021/10/30 12:00 a.m., 28 views

Fedora: Security Advisory for chromium (FEDORA-2021-591b3a2af0)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.6 | AI score 9.6 | EPSS 0.64546
Exploits 10 | References 4

Circl
added 2021/10/09 12:40 a.m., 8 views

CVE-2021-30627

creationtimestamp | type | source
---|---|---
2021-10-09 00:40:37+00:00 | seen | https://t.me/cibsecurity/30281
...

CVSS 8.8 | AI score 8.5 | EPSS 0.00876
Exploits 0 | References 1

OSV
added 2021/10/08 9:15 p.m., 3 views

DEBIAN-CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 8.6 | EPSS 0.00876
Exploits 0 | References 1

OSV
added 2021/10/08 9:15 p.m., 7 views

CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 9
Exploits 0 | References 4

NVD
added 2021/10/08 9:15 p.m., 16 views

CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | EPSS 0.00876
Exploits 0 | References 4

UbuntuCve
added 2021/10/08 9:15 p.m., 30 views

CVE-2021-30627

Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8 | AI score 7.3 | EPSS 0.00876
Exploits 0 | References 1