97 matches found
CVE-2022-3985 Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS
The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
CVE-2022-3985
CVE-2022-3985 affects the Videojs HTML5 Player WordPress plugin prior to 1.1.9. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling a stored Cross-Site Scripting (XSS) attack. Impact can occur with a low-privilege user role (contributor) when a cra...
Ubuntu: Security Advisory (USN-3985-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3985
creationtimestamp| type| source ---|---|--- 2021-12-01 14:35:47+00:00| seen| https://t.me/cibsecurity/33187...
CVE-2021-3985
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3985
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3985
CVE-2021-3985 affects kimai2, an open-source web-based time-tracking app. The vulnerability is a Cross-site Scripting (XSS) caused by improper neutralization of input during web page generation, leading to high-severity impact on confidentiality, integrity, and availability. The CVSS data indicat...
CVE-2021-3985 Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2020-3985
creationtimestamp| type| source ---|---|--- 2020-11-24 18:46:51+00:00| seen| https://t.me/cibsecurity/16779...
CVE-2020-3985
The SD-WAN Orchestrator vulnerability CVE-2020-3985 allows an authenticated user to elevate privileges by calling a vulnerable API due to an access control weakness. Affected versions are 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, with remediation to update to the patched releases (3.3.2 P...
VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)
3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...
CVE-2019-3985
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...
CVE-2019-3985
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...
CVE-2019-3985
CVE-2019-3985 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The flaw arises from improperly sanitized input in the Wi‑Fi configuration flow when handling the SSID parameter, enabling remote attackers to execute arbitrary commands on the device. Public sources (including NVD and Red...
CVE-2018-3985
CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...
CVE-2017-3985
CVE-2017-3985 entry is rejected/not used and does not represent an active vulnerability.
Debian: Security Advisory (DSA-3985-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2016-3985
The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2016-3985
The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...
CVE-2016-3985
The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...