Lucene search
K

7613 matches found

OSV
OSV
added 2022/05/24 9:59 p.m.4 views

GHSA-C8J6-GQQ8-4PRJ Alkacon OpenCMS XSS via New User module

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

5.3CVSS5.8AI score0.00765EPSS
Exploits1References5
OSV
OSV
added 2022/05/24 7:6 p.m.19 views

GHSA-VRPV-26FM-7VF7 EC-CUBE Cross-site scripting vulnerability

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 EC-CUBE 3 series and EC-CUBE 4.0.0 to 4.0.5-p1 EC-CUBE 4 series allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation...

6.1CVSS6AI score0.01557EPSS
Exploits0References5
OSV
OSV
added 2022/05/24 7:1 p.m.13 views

GHSA-C8MX-43CQ-993W EC-CUBE Cross-site scripting vulnerability

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1CVSS6.1AI score0.02308EPSS
Exploits0References5
CNVD
CNVD
added 2022/05/24 12:0 a.m.22 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64191)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.5AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/23 12:0 a.m.21 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64193)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.5AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/23 12:0 a.m.11 views

Cisco Common Services Platform Collector跨站脚本漏洞(CNVD-2022-50665)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.7AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/23 12:0 a.m.18 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64194)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.5AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/23 12:0 a.m.33 views

Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS2.4AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2022/05/20 12:0 a.m.15 views

Cisco Common Services Platform Collector跨站脚本漏洞(CNVD-2022-50666)

Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collector is...

6.1CVSS2.9AI score0.00685EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.8 views

Cisco Common Services Platform Collector 跨站脚本漏洞

Cisco Common Services Platform Collector CSPC is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collecto...

6.1CVSS6.4AI score0.00685EPSS
Exploits0References3
NVD
NVD
added 2022/05/18 3:15 p.m.11 views

CVE-2022-28717

Cross-site scripting vulnerability in RebooterWATCH BOOT nino RPC-M2C End of Sale all firmware versions, WATCH BOOT light RPC-M5C End of Sale all firmware versions, WATCH BOOT L-zero RPC-M4L End of Sale all firmware versions, WATCH BOOT mini RPC-M4H End of Sale all firmware versions, WATCH BOOT...

4.8CVSS0.0053EPSS
Exploits0References2
Prion
Prion
added 2022/05/18 3:15 p.m.11 views

Cross site scripting

Cross-site scripting vulnerability in RebooterWATCH BOOT nino RPC-M2C End of Sale all firmware versions, WATCH BOOT light RPC-M5C End of Sale all firmware versions, WATCH BOOT L-zero RPC-M4L End of Sale all firmware versions, WATCH BOOT mini RPC-M4H End of Sale all firmware versions, WATCH BOOT...

3.5CVSS5.7AI score0.0053EPSS
Exploits0References2Affected Software8
Snyk
Snyk
added 2022/05/17 4:31 a.m.1 views

Cross-site Scripting (XSS)

Overview web-tp3/wecmap is a WEC Google Maps. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unspecified vectors. An attacker can inject arbitrary web script or HTML by crafting malicious input. Details Cross-site scripting or XSS is a code vulnerability that...

5.4CVSS5.2AI score0.00931EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 1:59 a.m.15 views

QooxDoo XSS in Callback Parameter

Cross-site scripting XSS vulnerability in framework/source/resource/qx/test/jsonpprimitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3, and possibly other products allows remote attackers to inject arbitrary web script or HTML via the callback parameter...

4.3CVSS6.2AI score0.02608EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/05/17 12:53 a.m.21 views

GHSA-74C7-R9M3-HVJ4 Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 CompanyName, 2 CompanyAddress, 3 CompanyZip, 4 CompanyTown, 5 Fax, 6 EMail, 7 Web, 8 ManagingDirectors, 9 Note, 10 Capital, 11 ProfId1, 12...

5.4CVSS5.4AI score0.00722EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.3 views

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides a secure access management system for wireless networks. cross-site scripting is present in Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier. vulnerability. An...

5.4CVSS5.7AI score0.0053EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.3 views

Moodle 跨站脚本漏洞

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A cross-site scripting vulnerability exists in Moodle versions 3.9.0 to 4.0.0, which can be exploited by a remote attacker to inject a...

5.4CVSS7.3AI score0.00828EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.3 views

Cybozu Garoon 跨站脚本漏洞

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon, which stems from insufficient cleaning of...

6.1CVSS5.8AI score0.00609EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 2:21 a.m.32 views

Withdrawn Advisory: Apache Struts XSS

Withdrawn Advisory This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. Original Description Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML...

4.3CVSS7.2AI score0.337EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2022/05/14 2:13 a.m.6 views

GHSA-9HR6-5X6G-GG5G Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...

2.3CVSS6AI score0.01424EPSS
Exploits0References9
Rows per page
Query Builder