Lucene search
+L

99 matches found

veracode
veracode
added 2024/09/17 5:16 a.m.9 views

Cross Site Scripting(XSS)

Decidim is vulnerable to Cross-Site Scripting XSS attacks. The vulnerability is due to improper sanitization of admin activity logs, allowing XSS payloads to be injected when an admin assigns a valuator to a proposal or performs other actions that generate logs with malicious content...

6.8CVSS5.2AI score0.00353EPSS
Exploits0References6Affected Software1
circl
circl
added 2024/02/14 12:21 a.m.6 views

CVE-2024-25118

creationtimestamp| type| source ---|---|--- 2024-02-14 00:21:58+00:00| seen| https://t.me/ctinow/184320 2024-03-06 08:06:58+00:00| seen| https://t.me/ctinow/201082...

6.5CVSS5.2AI score0.0056EPSS
Exploits0References2
circl
circl
added 2022/03/28 10:41 p.m.43 views

CVE-2022-0679

creationtimestamp| type| source ---|---|--- 2022-03-28 22:41:49+00:00| seen| https://t.me/cibsecurity/39663 2024-12-21 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-21 2024-12-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...

9.8CVSS7AI score0.4783EPSS
In wildExploits2References4
nvd
nvd
added 2021/10/05 12:15 p.m.21 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS0.00712EPSS
Exploits1References2
osv
osv
added 2021/10/05 12:15 p.m.4 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1CVSS5.8AI score0.00712EPSS
Exploits1References2
prion
prion
added 2021/10/05 12:15 p.m.19 views

Cross site scripting

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

4.3CVSS6.5AI score0.00712EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/10/05 11:58 a.m.27 views

CVE-2021-35503

Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs...

6.1AI score0.00712EPSS
Exploits1References1
cve
cve
added 2021/10/05 11:58 a.m.54 views

CVE-2021-35503

CVE-2021-35503 affects Afian FileRun 2021.03.26. The issue is a stored XSS caused by mishandling of the HTTP X-Forwarded-For header when rendering Activity Logs, implying user-supplied header data could be reflected in logs and executed in the browser. The description identifies the affected comp...

6.1CVSS6.5AI score0.00712EPSS
Exploits1References2Affected Software1
kitploit
kitploit
added 2021/05/16 9:30 p.m.207 views

DFIR-O365RC - PowerShell Module For Office 365 And Azure AD Log Collection

PowerShell module for Office 365 and Azure AD log collection Module description The DFIR-O365RC PowerShell module is a set of functions that allow the DFIR analyst to collect logs relevant for Office 365 Business Email Compromise investigations. The logs are generated in JSON format and retrieved...

7.2AI score
Exploits0References3
osv
osv
added 2020/06/24 8:15 p.m.5 views

CVE-2020-13247

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

7.3CVSS6.5AI score0.00965EPSS
Exploits1References2
cvelist
cvelist
added 2020/06/24 7:33 p.m.19 views

CVE-2020-13247

BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injection via a crafted user name that is mishandled during export from the activity logs in the Audit Area...

7.2AI score0.00965EPSS
Exploits1References2
threatpost
threatpost
added 2019/08/21 1:47 p.m.83 views

Adult Content Site Exposed Personal Data of 1M Users

The personal information more than a million users of popular adult website Luscious, including email addresses that sometimes indicated full names, were found exposed in an unsecured Elasticsearch database. The website, which focuses on anime-themed, user-uploaded adult content, has over 1 milli...

6.8AI score
Exploits0References8
thn
thn
added 2019/08/20 12:48 p.m.2 views

How Activity Logs Help WordPress Admins Better Manage Website Security

Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or you...

6.5AI score
Exploits0
thn
thn
added 2019/08/20 12:48 p.m.96 views

How Activity Logs Help WordPress Admins Better Manage Website Security

Managing a WordPress website can sap a lot of your time and energy, which otherwise you'd spend on managing your business. If you're looking to cut down on the hours, you spend troubleshooting WordPress technical and security problems, better managing and monitoring your website and users, or you...

7.3AI score
Exploits0
n0where
n0where
added 2017/06/19 5:37 a.m.27 views

Full-Fledged Phishing Framework: FirePhish

FirePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track separate phishing campaigns, schedule sending of emails, and much more. The features will continue to be expanded and will include website spoofing, click tracking, and extensive notification...

7AI score
Exploits0References3
thn
thn
added 2016/06/29 12:38 a.m.12 views

China Orders Apple to Monitor App Store Users and Track their Identities

China has long been known for its strict censorship which makes it difficult for foreign technology companies to do business in the world’s most populous country of over 1.35 billion people. Now, the new law issued by the Chinese government will expand its strict Internet monitoring efforts into...

6.5AI score
Exploits0
cve
cve
added 2013/09/17 1:0 a.m.41 views

CVE-2013-2296

CVE-2013-2296 affects Walrus in Eucalyptus prior to 3.2.2. The issue: GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations do not verify authorization, allowing remote authenticated users to bypass restrictions on (1) modifying logging, (2) modifying ver...

5.5CVSS6.3AI score0.01015EPSS
Exploits0References2Affected Software1
circl
circl
added 2008/08/14 12:0 a.m.21 views

CVE-2008-3704

creationtimestamp| type| source ---|---|--- 2008-08-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6244 2008-08-26 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6317 2010-11-24 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16507 2018-05-29...

9.3CVSS5.8AI score0.55917EPSS
Exploits9References6
securityvulns
securityvulns
added 2005/09/02 12:0 a.m.40 views

Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure

Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure Aug 31 2005 10:37AM retrogod aliceposta it Simple Machine Forum 1-0-5 possibly prior versions user IP address / information disclosure software: site: http://www.simplemachines.org/ information disclosure:...

6.9AI score
Exploits0
Rows per page
Query Builder