Lucene search
K

7613 matches found

Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.5 views

CVE-2022-43118

A cross-site scripting XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username text field...

5.9AI score0.00406EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.6 views

CVE-2022-43121

A cross-site scripting XSS vulnerability in the CMS Field Add page of Intelliants Subrion CMS v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tooltip text field...

5.9AI score0.0058EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/09 12:0 a.m.5 views

CVE-2022-43119

A cross-site scripting XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter...

5.8AI score0.00473EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/11/08 12:0 a.m.179 views

JVN#09409909: Multiple vulnerabilities in WordPress

WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature. Stored Cross-site scripting CWE-79 - CVE-2022-43497 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS6.7AI score0.01404EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/11/07 3:15 p.m.3 views

CVE-2022-43317

A cross-site scripting XSS vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS5.9AI score0.00473EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.4 views

PT-2022-26843 · Unknown · Human Resource Management System

Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A cross-site scripting XSS issue in the "/hrm/index.php?msg" API endpoint allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For Human...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References4
Prion
Prion
added 2022/11/04 6:15 p.m.10 views

Cross site scripting

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this...

4.9CVSS5.4AI score0.00435EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/03 7:31 p.m.10 views

CVE-2022-20969

A vulnerability in multiple management dashboard pages of Cisco Umbrella could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the Cisco Umbrella dashboard. This vulnerability is due to unsanitized user input. An attacker could exploit this...

4.8CVSS6AI score0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/03 12:0 a.m.5 views

CVE-2022-41435

OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting XSS vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments...

5.9AI score0.00473EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.20 views

Cisco Identity Services Engine Stored XSS (cisco-sa-ise-stor-xss-kpRBWXY)

According to its self-reported version, Cisco Identity Services Engine Stored is affected by a cross-site scripting vulnerability. This could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected...

5.4CVSS5.9AI score0.00429EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/01 12:0 a.m.3 views

Vehicle Booking System 跨站脚本漏洞

Vehicle Booking System is a vehicle booking system by Martin Mbithi Nzilani personal developer. A security vulnerability exists in Vehicle Booking System v1.0, which originates from a cross-site scripting XSS vulnerability contained in admin-add-vehicle.php. An attacker can exploit this...

4.8CVSS5.3AI score0.00457EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/01 12:0 a.m.8 views

CVE-2022-43076

A cross-site scripting XSS vulnerability in /admin/edit-admin.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtemail parameter...

5.8AI score0.00457EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.6 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload...

6.3AI score0.00406EPSS
Exploits0References2
OSV
OSV
added 2022/10/28 11:32 p.m.5 views

MGASA-2022-0400 Updated libreoffice packages fix security vulnerability

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS7.2AI score0.04354EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/27 12:0 a.m.4 views

PT-2022-26699 · Unknown · Train Scheduler App

Name of the Vulnerable Software and Affected Versions: Train Scheduler App version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Train Code, Train Name, and Destination text fields. This enables the execution of...

5.4CVSS6AI score0.00591EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.2 views

Train Scheduler App 跨站脚本漏洞

Train Scheduler App is a train scheduling application by Carlo Montero Personal Developer. A security vulnerability exists in Train Scheduler App v1.0, which stems from the presence of multiple stored cross-site scripting XSS vulnerabilities that could allow an attacker to execute arbitrary web...

5.4CVSS5.8AI score0.00591EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/10/27 12:0 a.m.5 views

CVE-2022-42991

A stored cross-site scripting XSS vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field...

5.3AI score0.00591EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.2 views

Softr 跨站脚本漏洞

Softr is a no-code website builder from Softr. A security vulnerability exists in Softr version v2.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload...

6.1CVSS6.7AI score0.00486EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/10/27 12:0 a.m.20 views

CVE-2022-42991

A stored cross-site scripting XSS vulnerability in Simple Online Public Access Catalog v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Account Full Name field...

5.4AI score0.00591EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/10/27 12:0 a.m.8 views

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.4AI score0.00451EPSS
Exploits1References1
Rows per page
Query Builder