Lucene search
+L

97 matches found

Vulnrichment
Vulnrichment
added 2022/12/19 1:41 p.m.5 views

CVE-2022-3985 Videojs HTML5 Player < 1.1.9 - Contributor+ Stored XSS

The Videojs HTML5 Player WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2022/12/19 1:41 p.m.60 views

CVE-2022-3985

CVE-2022-3985 affects the Videojs HTML5 Player WordPress plugin prior to 1.1.9. The vulnerability arises from insufficient validation and escaping of shortcode attributes, enabling a stored Cross-Site Scripting (XSS) attack. Impact can occur with a low-privilege user role (contributor) when a cra...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-3985-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.5AI score0.01553EPSS
Exploits0References3
Circl
Circl
added 2021/12/01 2:35 p.m.9 views

CVE-2021-3985

creationtimestamp| type| source ---|---|--- 2021-12-01 14:35:47+00:00| seen| https://t.me/cibsecurity/33187...

9CVSS7.9AI score0.01216EPSS
Exploits1References1
NVD
NVD
added 2021/12/01 11:15 a.m.30 views

CVE-2021-3985

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

9CVSS0.01216EPSS
Exploits1References2
OSV
OSV
added 2021/12/01 11:15 a.m.11 views

CVE-2021-3985

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

9CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2021/12/01 11:5 a.m.52 views

CVE-2021-3985

CVE-2021-3985 affects kimai2, an open-source web-based time-tracking app. The vulnerability is a Cross-site Scripting (XSS) caused by improper neutralization of input during web page generation, leading to high-severity impact on confidentiality, integrity, and availability. The CVSS data indicat...

9CVSS8.5AI score0.01216EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/12/01 11:5 a.m.28 views

CVE-2021-3985 Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2

kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS9.3AI score0.01216EPSS
Exploits1References2
Circl
Circl
added 2020/11/24 6:46 p.m.4 views

CVE-2020-3985

creationtimestamp| type| source ---|---|--- 2020-11-24 18:46:51+00:00| seen| https://t.me/cibsecurity/16779...

8.8CVSS8.7AI score0.01406EPSS
Exploits0References1
CVE
CVE
added 2020/11/24 3:35 p.m.83 views

CVE-2020-3985

The SD-WAN Orchestrator vulnerability CVE-2020-3985 allows an authenticated user to elevate privileges by calling a vulnerable API due to an access control weakness. Affected versions are 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4, with remediation to update to the patched releases (3.3.2 P...

8.8CVSS9AI score0.01406EPSS
Exploits0References1Affected Software1
VMware
VMware
added 2020/11/18 12:0 a.m.60 views

VMware SD-WAN Orchestrator updates address multiple security vulnerabilities (CVE-2020-3984, CVE-2020-3985, CVE-2020-4000, CVE-2020-4001, CVE-2020-4002 ,CVE-2020-4003)

3a. SQL injection vulnerability due to improper input validation CVE-2020-3984 The SD-WAN Orchestrator does not apply correct input validation which allows for SQL-injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of...

7.5CVSS7.5AI score0.43017EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2019/12/11 11:15 p.m.13 views

CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

8.8CVSS9.1AI score0.01664EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/12/11 10:39 p.m.15 views

CVE-2019-3985

Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter...

9.1AI score0.01664EPSS
Exploits1References1
CVE
CVE
added 2019/12/11 10:39 p.m.83 views

CVE-2019-3985

CVE-2019-3985 affects the Blink XT2 Sync Module firmware prior to 2.13.11. The flaw arises from improperly sanitized input in the Wi‑Fi configuration flow when handling the SSID parameter, enabling remote attackers to execute arbitrary commands on the device. Public sources (including NVD and Red...

8.8CVSS9AI score0.01664EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/21 3:30 p.m.56 views

CVE-2018-3985

CVE-2018-3985 affects CUJO Smart Firewall, specifically the mdnscap mDNS parsing code. The TALOS advisory details an exploitable double-free vulnerability during mDNS packet parsing that frees memory twice when an invalid query name is encountered, enabling arbitrary code execution in the mdnscap...

9.8CVSS9.7AI score0.01857EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/03/16 2:4 p.m.26 views

CVE-2017-3985

CVE-2017-3985 entry is rejected/not used and does not represent an active vulnerability.

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2017/09/27 12:0 a.m.21 views

Debian: Security Advisory (DSA-3985-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.1AI score0.26331EPSS
Exploits0References3
OSV
OSV
added 2016/04/12 2:0 a.m.4 views

CVE-2016-3985

The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...

6.5CVSS5.8AI score0.01219EPSS
Exploits0References2
NVD
NVD
added 2016/04/12 2:0 a.m.17 views

CVE-2016-3985

The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...

6.5CVSS6.2AI score0.01219EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/04/08 4:0 p.m.23 views

CVE-2016-3985

The Terminal Services Remote Desktop Protocol RDP client session restrictions feature in Pulse Connect Secure aka PCS 8.1R7 and 8.2R1 allow remote authenticated users to bypass intended access restrictions via unspecified vectors...

6.2AI score0.01219EPSS
Exploits0References2
Rows per page
Query Builder