Lucene search
K

7613 matches found

Prion
Prion
added 2022/12/12 1:15 p.m.17 views

Cross site scripting

A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute...

4.9CVSS5.3AI score0.00469EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/12/07 10:15 a.m.35 views

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

9.8CVSS0.01078EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.31 views

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

9.8AI score0.01078EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.24 views

CVE-2022-45122

Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.5301 and earlier Movable Type Advanced 7 Series, Movable Type 6.8.7 and earlier Movable Type 6 Series, Movable Type Advanced 6.8.7 and earlier Movable Type Advance...

6.5AI score0.00508EPSS
Exploits0References2
CVE
CVE
added 2022/12/07 12:0 a.m.57 views

CVE-2022-37406

CVE-2022-37406 affects Ricoh Aficio SP 4210N firmware versions prior to Web Support 1.05. The vulnerability is a cross-site scripting (XSS) issue in Web Image Monitor that can be exploited by a remote, authenticated attacker with administrative privileges to inject arbitrary scripts. Remediation ...

4.8CVSS4.8AI score0.00598EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/07 12:0 a.m.13 views

CVE-2022-43660

Improper neutralization of Server-Side Includes SSW within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable...

7AI score0.00972EPSS
Exploits0References2
CVE
CVE
added 2022/12/07 12:0 a.m.195 views

CVE-2022-42458

CVE-2022-42458 affects bingo!CMS versions 1.7.4.1 and earlier, where an authentication bypass vulnerability in management functions allows remote, unauthenticated attackers to upload arbitrary files, potentially enabling arbitrary script execution or file modification. The Red Hat and JVN entries...

9.8CVSS9.5AI score0.01078EPSS
In wildExploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/07 12:0 a.m.31 views

CVE-2022-42486

Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

5.2AI score0.00586EPSS
Exploits0References2
NVD
NVD
added 2022/12/05 11:15 p.m.38 views

CVE-2022-43706

Cross-site scripting XSS vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...

5.4CVSS0.00389EPSS
Exploits0References1
OSV
OSV
added 2022/12/05 11:15 p.m.19 views

CVE-2022-43706

Cross-site scripting XSS vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged in users with write access to pack rules to inject arbitrary script or HTML that may be executed in Web UI for other logged in users...

5.4CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2022/12/05 4:15 a.m.22 views

CVE-2022-43499

Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script...

5.4CVSS0.00826EPSS
Exploits1References4
NVD
NVD
added 2022/12/05 4:15 a.m.13 views

CVE-2022-43500

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS0.00729EPSS
Exploits0References3
OSV
OSV
added 2022/12/05 4:15 a.m.12 views

CVE-2022-43497

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS6.2AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/12/05 4:15 a.m.23 views

CVE-2022-43497

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS6.4AI score0.00958EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/12/05 4:15 a.m.30 views

CVE-2022-43500

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS6.4AI score0.00729EPSS
Exploits0References4
Prion
Prion
added 2022/12/05 4:15 a.m.135 views

Cross site scripting

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

5.8CVSS6.2AI score0.00729EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/12/05 4:15 a.m.18 views

Cross site scripting

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script...

5.8CVSS6.1AI score0.00785EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/12/05 12:0 a.m.3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions prior to 6.0.3. An attacker exploiting this...

6.1CVSS5.8AI score0.00958EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.73 views

CVE-2022-43500

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS6.1AI score0.00729EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/12/05 12:0 a.m.35 views

CVE-2022-43497

Cross-site scripting vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to inject an arbitrary script. The developer also provides new patched releases for all versions since 3.7...

6.1CVSS6.1AI score0.00958EPSS
Exploits0
Rows per page
Query Builder