Lucene search
K

73 matches found

OSV
OSV
added 2021/10/14 7:15 p.m.3 views

CVE-2021-36387

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4"...

5.4CVSS5.8AI score0.01437EPSS
Exploits2References6
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.5 views

Yellowfin Business Intelligence Yellowfin 跨站脚本漏洞

Yellowfin is a business intelligence automated analytics, cross-vendor narrative and collaboration software suite. A stored cross-site scripting vulnerability exists in the video embedding feature in Yellowfin versions prior to 9.6.1. An attacker can exploit this vulnerability by sending a...

5.4CVSS5.3AI score0.01437EPSS
Exploits2References6
Veracode
Veracode
added 2020/09/21 6:29 a.m.26 views

Cross-site Scripting (XSS)

Activity Stream is vulnerable to cross-site scripting XSS. It can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Strea...

5.3CVSS0.9AI score0.01235EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.7 views

The vulnerability in the implementation of the Firefox browser’s Activity Stream page allows a perpetrator to access confidential data.

The vulnerability of the Firefox browser’s Activity Stream page relates to a bug in content writing without clearing. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

5.3CVSS6.8AI score0.01235EPSS
Exploits0References5Affected Software3
Tenable Nessus
Tenable Nessus
added 2019/09/05 12:0 a.m.19 views

Atlassian JIRA 7.x.x < 7.13.1 / 8.0.0 Cross-Site Scripting (XSS) Vulnerability (SB18-141)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is potentially affected by a cross-site scripting vulnerability which allows a reflected cross-site scripting XSS attack. This flaw exists because the activity stream gadget does not...

5.4CVSS5.7AI score0.00756EPSS
Exploits1References2
CNVD
CNVD
added 2019/08/13 12:0 a.m.3 views

Atlassian Jira Cross-Site Scripting Vulnerability (CNVD-2019-27253)

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A cross-site scripting vulnerability exists in the activity stream gadget in Atlassian Jira versions prior to 7.13.1. The...

5.4CVSS6.5AI score0.00756EPSS
Exploits1References1
Prion
Prion
added 2019/08/09 8:15 p.m.13 views

Cross site scripting

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...

3.5CVSS5.3AI score0.00756EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/08/09 7:31 p.m.22 views

CVE-2018-20827

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...

5.3AI score0.00756EPSS
Exploits1References1
CVE
CVE
added 2019/08/09 7:31 p.m.151 views

CVE-2018-20827

CVE-2018-20827 — Jira XSS via country parameter Affected: Atlassian Jira (server) with the activity stream gadget, specifically versions before 7.13.1 (and related entries reference 8.0.0 in a Nessus plugin). Description: The vulnerability arises because the activity stream gadget does not proper...

5.4CVSS5.2AI score0.00756EPSS
Exploits1References1Affected Software1
Atlassian
Atlassian
added 2019/08/09 12:46 p.m.21 views

Time logged shown on Activity Stream gadget.

h3. Summary When using a group comment visibility on worklogs the restriction is not applied in the Activity Stream and this shows the time logged by a user even if the user that is logged in is not part of the group. h3. Steps to Reproduce Set up a test user JIRA Users. Enable comment visibility...

1.7AI score
Exploits0Affected Software1
NVD
NVD
added 2019/07/23 2:15 p.m.18 views

CVE-2019-11718

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

5.3CVSS6.4AI score0.01235EPSS
Exploits0References5
OSV
OSV
added 2019/07/23 2:15 p.m.2 views

CVE-2019-11718

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

5.3CVSS6.9AI score0.01235EPSS
Exploits0References5
Prion
Prion
added 2019/07/23 2:15 p.m.17 views

Design/Logic Flaw

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

5CVSS6.1AI score0.01235EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2019/07/23 1:17 p.m.34 views

CVE-2019-11718

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

6.3AI score0.01235EPSS
Exploits0References5
CVE
CVE
added 2019/07/23 1:17 p.m.260 views

CVE-2019-11718

CVE-2019-11718 affects Mozilla Firefox (before 68.0). The issue arises from Activity Stream writing unsanitized content to innerHTML, enabling potential access to information such as browsing history if the Snippet Service is compromised. The CVE is documented with a CVSS v3.1 base score of 5.3 (...

5.3CVSS6.1AI score0.01235EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2019/07/23 1:17 p.m.27 views

CVE-2019-11718

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

5.3CVSS7.7AI score0.01235EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/07/11 12:0 a.m.25 views

CVE-2019-11718

Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper...

5.3CVSS6.8AI score0.01235EPSS
Exploits0References3
Atlassian
Atlassian
added 2019/04/29 3:8 a.m.31 views

XSS in the activity stream gadget via the country parameter - CVE-2018-20827

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...

5.4CVSS4.9AI score0.00756EPSS
Exploits1
Atlassian
Atlassian
added 2019/04/29 3:8 a.m.50 views

XSS in the activity stream gadget via the country parameter - CVE-2018-20827

The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the country parameter...

5.4CVSS4.9AI score0.00756EPSS
Exploits1Affected Software1
Atlassian
Atlassian
added 2018/10/30 3:30 p.m.55 views

Restricted Work Log entries show in the Activity Stream in JIRA Server

This is a regression of bug JRASERVER-34022: Restricted Work Log entries show in the Activity Stream in JIRA Server fixed in JIRA Server including JIRA Core 7.3.8|https://jira.atlassian.com/browse/JRASERVER-34022. Apparently this is a regression and users that are not meant to see the worklogs ca...

2.7AI score
Exploits0Affected Software1
Rows per page
Query Builder