Lucene search
K

37 matches found

Cvelist
Cvelist
added 2022/02/15 3:45 p.m.17 views

CVE-2022-24590

A stored cross-site scripting XSS vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML...

5.5AI score0.00624EPSS
Exploits1References2
NVD
NVD
added 2021/08/05 4:15 p.m.42 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

5.4CVSS0.01503EPSS
Exploits2References3
OSV
OSV
added 2021/08/05 4:15 p.m.23 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

5.4CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2021/08/05 4:15 p.m.22 views

Design/Logic Flaw

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

3.5CVSS5.2AI score0.01503EPSS
Exploits2References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/05 4:15 p.m.2 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

5.4CVSS6.1AI score0.01503EPSS
Exploits2References4
Cvelist
Cvelist
added 2021/08/05 3:59 p.m.43 views

CVE-2021-38138

OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release...

5.5AI score0.01503EPSS
Exploits2References3
CVE
CVE
added 2021/08/05 3:59 p.m.53 views

CVE-2021-38138

CVE-2021-38138 affects OneNav beta 0.9.12. The issue is a stored cross‑site scripting (XSS) vulnerability in the Add Link feature, with root cause described as the vendor intentionally lacking XSS protection for now; protection is planned for a future release. Publicly referenced exploit activity...

5.4CVSS5.2AI score0.01503EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.6 views

OneNav 跨站脚本漏洞

OneNav is a minimalist navigation/bookmark management system developed using PHP. OneNav beta 0.9.12 suffers from a cross-site scripting vulnerability, which allows attackers to conduct XSS attacks via the Add Link feature...

5.4CVSS5.4AI score0.01503EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2021/08/05 12:0 a.m.12 views

PT-2021-21960 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav beta version 0.9.12 Description: The issue allows for XSS via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However...

5.4CVSS6AI score0.01503EPSS
Exploits2References7
Prion
Prion
added 2018/01/04 6:29 p.m.11 views

Design/Logic Flaw

The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fbfacebookid parameter to wp-admin/profile.php...

3.5CVSS5.2AI score0.00595EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2015/03/09 12:0 a.m.9 views

Add Link To Facebook <= 1.215 - Cross Site Scripting (XSS)

The add-link-to-facebook WordPress plugin was affected by a Cross Site Scripting XSS security vulnerability...

1.4AI score
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2007/03/08 12:0 a.m.20 views

bj-xss.txt

BJ Webring XSS By : sn0oPy Risk : high exploit : just inject any script on the add link menu : http://www.target.ma/webring/formulaire.php Dork : intitle:".: index webring :." contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...

7.4AI score
Exploits0
Prion
Prion
added 2007/03/07 9:19 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu...

4.3CVSS6.2AI score0.01653EPSS
Exploits1References3
NVD
NVD
added 2007/03/07 9:19 p.m.10 views

CVE-2007-1328

Cross-site scripting XSS vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu...

4.3CVSS5.8AI score0.01653EPSS
Exploits1References3
Cvelist
Cvelist
added 2007/03/07 9:0 p.m.17 views

CVE-2007-1328

Cross-site scripting XSS vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add link menu...

5.8AI score0.01653EPSS
Exploits1References3
CVE
CVE
added 2007/03/07 9:0 p.m.43 views

CVE-2007-1328

The CVE-2007-1328 entry describes a cross-site scripting (XSS) vulnerability in formulaire.php of Bernard JOLY BJ Webring. Affects the add link menu functionality; an unspecified parameter allows remote attackers to inject arbitrary web script or HTML. The issue enables client-side script executi...

4.3CVSS5.8AI score0.01653EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2007/02/27 2:28 a.m.3 views

CVE-2007-1129

Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via 1 an avatar upload in an adddown action, or 2 an addlink action...

7.5CVSS5.6AI score0.01359EPSS
Exploits0References5
Rows per page
Query Builder