7613 matches found

CVE
added 2022/10/11 12:00 a.m., 1396 views

CVE-2022-3140

CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...

CVSS 6.3, AI score 7.3, EPSS 0.04354
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2022/10/11 12:00 a.m., 116 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

CVSS 6.3, AI score 6, EPSS 0.04354
Exploits: 0

Prion
added 2022/10/07 7:15 p.m., 19 views

Cross site scripting

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser ...

CVSS 5.8, AI score 6.5, EPSS 0.00545
Exploits: 0, References: 2, Affected Software: 2

NVD
added 2022/10/07 6:15 p.m., 28 views

CVE-2022-37892

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...

CVSS 5.4, EPSS 0.00574
Exploits: 0, References: 2

CNNVD
added 2022/10/07 12:00 a.m., 2 views

Total Avengers Totaljs Framework cross-site scripting vulnerability

Total Avengers Totaljs Framework is a JavaScript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHP's Laravel, Python's Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...

CVSS 5.4, AI score 6.1, EPSS 0.00632
Exploits: 1, References: 4

Prion
added 2022/10/06 6:16 p.m., 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the ServiceTemplates servicealias parameter...

CVSS 4.9, AI score 5.3, EPSS 0.00616
Exploits: 3, References: 1, Affected Software: 1

CNNVD
added 2022/09/30 12:00 a.m., 9 views

BookStack cross-site scripting vulnerability

BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A cross-site scripting vulnerability exists in versions prior to BookStack v22.09. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...

CVSS 5.4, AI score 5.9, EPSS 0.00692
Exploits: 0, References: 5

Github Security Blog
added 2022/09/28 12:00 a.m., 18 views

EC-CUBE DOM-based cross-site scripting vulnerability

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

CVSS 5.4, AI score 6.3, EPSS 0.00538
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/09/28 12:00 a.m., 32 views

GHSA-PGGW-RQFM-72RH EC-CUBE DOM-based cross-site scripting vulnerability

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

CVSS 5.4, AI score 5.2, EPSS 0.00538
Exploits: 0, References: 4

NVD
added 2022/09/27 11:15 p.m., 14 views

CVE-2022-37346

EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative...

CVSS 9.8, EPSS 0.00956
Exploits: 0, References: 2

NVD
added 2022/09/22 1:15 a.m., 18 views

CVE-2022-28980

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...

CVSS 6.1, EPSS 0.00357
Exploits: 0, References: 2

Vulnrichment
added 2022/09/22 12:13 a.m., 4 views

CVE-2022-28980

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...

AI score 6.2, EPSS 0.00357
Exploits: 0, References: 2

CNNVD
added 2022/09/22 12:00 a.m., 2 views

Liferay Portal and Liferay DXP cross-site scripting vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 6.1, AI score 6.7, EPSS 0.00357
Exploits: 0, References: 3

Vulnrichment
added 2022/09/21 11:38 p.m., 9 views

CVE-2022-28978

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject...

AI score 5.6, EPSS 0.00494
Exploits: 0, References: 2

OSV
added 2022/09/21 6:15 p.m., 4 views

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00666
Exploits: 1, References: 3

Vulnrichment
added 2022/09/21 5:11 p.m., 9 views

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

AI score 6.1, EPSS 0.00666
Exploits: 1, References: 3

Vulnrichment
added 2022/09/19 10:51 p.m., 5 views

CVE-2022-38550

A stored cross-site scripting (XSS) vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.6, EPSS 0.0038
Exploits: 1, References: 1

CNNVD
added 2022/09/19 12:00 a.m., 2 views

OPSWAT MetaDefender ICAP Server cross-site scripting vulnerability

OPSWAT MetaDefender ICAP Server is an advanced threat protection software for network traffic from OPSWAT, USA. It is used to protect systems and users by examining every file transmitted over a network. A security vulnerability exists in OPSWAT MetaDefender ICAP Server versions prior to 4.13.0. ...

CVSS 5.4, AI score 6.2, EPSS 0.00395
Exploits: 0, References: 3

Japan Vulnerability Notes
added 2022/09/15 12:00 a.m., 39 views

JVN#21213852: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base Score:...

CVSS 5.4, AI score 4.8, EPSS 0.01028
Exploits: 0

Japan Vulnerability Notes
added 2022/09/15 12:00 a.m., 22 views

JVN#30900552: EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files

EC-CUBE plugin "Product Image Bulk Upload Plugin", a plugin that enables to upload image files, provided by EC-CUBE CO.,LTD. contains an insufficient verification vulnerability when uploading files CWE-20. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary...

CVSS 9.8, AI score 9.5, EPSS 0.00956
Exploits: 0