Lucene search

7613 matches found

OSV
added 2022/10/24 2:15 p.m. · 11 views

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

CVSS 5.4 · AI score 6.2
Exploits 0 · References 3

NVD
added 2022/10/24 2:15 p.m. · 13 views

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

CVSS 5.4 · EPSS 0.00692
Exploits 0 · References 3

Prion
added 2022/10/24 2:15 p.m. · 13 views

Cross site scripting

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...

CVSS 4.9 · AI score 5.1 · EPSS 0.00692
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2022/10/21 12:0 a.m. · 33 views

Cisco Identity Services Engine XSS (cisco-sa-ise-xss-twLnpy3M)

According to its self-reported version, Cisco Identity Services Engine is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation in the External RESTful Services (ERS) API. An attacker could exploit this vulnerability by persuading an authenticated administrator o...

CVSS 6.1 · AI score 6.8 · EPSS 0.00781
Exploits 0 · References 3

Vulnrichment
added 2022/10/20 12:0 a.m. · 9 views

CVE-2022-41358

A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php...

AI score 5.2 · EPSS 0.0292
Exploits 4 · References 6

Tenable Nessus
added 2022/10/20 12:0 a.m. · 27 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-5694-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5694-1 advisory. It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a...

CVSS 8.8 · AI score 7.5 · EPSS 0.04354
Exploits 0 · References 7

OSV
added 2022/10/18 8:35 p.m. · 3 views

SUSE-SU-2022:3650-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23447): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed...

CVSS 8.8 · AI score 7.7 · EPSS 0.04354
Exploits 0 · References 7

RedhatCVE
added 2022/10/14 5:29 a.m. · 108 views

CVE-2022-3140

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...

CVSS 5.3 · AI score 2.2 · EPSS 0.04354
Exploits 0 · References 4

Positive Technologies
added 2022/10/13 12:0 a.m. · 4 views

PT-2022-24615 · Liferay · Liferay Digital Experience Platform

Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting (XSS) issue in the Blog module's add new topic functionality allows remote attackers to inject arbitrary JS script or HTML into the name field of newly...

CVSS 5.4 · AI score 5.3 · EPSS 0.00719
Exploits 2 · References 8

Vulnrichment
added 2022/10/13 12:0 a.m. · 4 views

CVE-2022-35612

A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...

AI score 5.3 · EPSS 0.00438
Exploits 1 · References 1

Tenable Nessus
added 2022/10/13 12:0 a.m. · 31 views

Debian DSA-5252-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5252 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific t...

CVSS 6.3 · AI score 6.6 · EPSS 0.04354
Exploits 0 · References 5

NVD
added 2022/10/11 9:15 p.m. · 14 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3 · EPSS 0.04354
Exploits 0 · References 5

OSV
added 2022/10/11 9:15 p.m. · 6 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3 · AI score 7.2 · EPSS 0.04354
Exploits 0 · References 5

Prion
added 2022/10/11 9:15 p.m. · 137 views

Design/Logic Flaw

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.8 · AI score 6.3 · EPSS 0.04354
Exploits 0 · References 5 · Affected Software 3

UbuntuCve
added 2022/10/11 9:15 p.m. · 17 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3 · AI score 7 · EPSS 0.04354
Exploits 0 · References 4

ATTACKERKB
added 2022/10/11 9:15 p.m. · 5 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3 · AI score 6.7 · EPSS 0.04354
Exploits 0 · References 7 · Affected Software 1

OSV
added 2022/10/11 9:15 p.m. · 2 views

UBUNTU-CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3 · AI score 7.3 · EPSS 0.04354
Exploits 0 · References 5

Veracode
added 2022/10/11 2:52 p.m. · 25 views

Cross-Site Scripting (XSS)

bodhi is vulnerable to cross-site scripting. The vulnerability exists in overrides.html and updates.html because the input from the query parameter is auto-escaped and doesn't reflected back which allows an attacker to inject and execute arbitrary script...

CVSS 6.1 · AI score 6.3 · EPSS 0.00395
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/10/11 12:0 a.m. · 22 views

CVE-2022-3140 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

AI score 7.5 · EPSS 0.04354
Exploits 0 · References 5

CVE
added 2022/10/11 12:0 a.m. · 1396 views

CVE-2022-3140

CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...

CVSS 6.3 · AI score 7.3 · EPSS 0.04354
Exploits 0 · References 5 · Affected Software 1