
7613 matches found

OSV
added 2022/05/14 2:13 a.m., 6 views

GHSA-9HR6-5X6G-GG5G Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...

CVSS 2.3, AI score 6, EPSS 0.01424
Exploits 0, References 9
Snyk
added 2022/05/14 1:36 a.m., 5 views

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

CVSS 6.1, AI score 5.5, EPSS 0.00861
Exploits 1, References 2
Github Security Blog
added 2022/05/13 1:12 a.m., 12 views

YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML...

CVSS 4.3, AI score 6, EPSS 0.01492
Exploits 0, References 5, Affected Software 2
OSV
added 2022/05/13 1:11 a.m., 22 views

GHSA-J57P-G33W-95C5 OpenStack Horizon Cross-site scripting (XSS) vulnerability

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a networ...

CVSS 3.5, AI score 4.8, EPSS 0.01917
Exploits 1, References 15
Tenable Nessus
added 2022/05/13 12:0 a.m., 27 views

Adobe ColdFusion 2018.x < 2018 Update 14 / 2021.x < 2021 Update 4 XSS (APSB22-22)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 14 or 2021.x update 4. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote...

CVSS 6.1, AI score 6.6, EPSS 0.41175
Exploits 0, References 2
OSV
added 2022/05/09 6:15 p.m., 3 views

CVE-2022-27308

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...

CVSS 5.4, AI score 6.2
Exploits 0, References 3
CVE
added 2022/05/03 8:1 p.m., 74 views

CVE-2022-27330

CVE-2022-27330 describes a cross-site scripting (XSS) vulnerability in the E-Commerce Website v1.0, exploitable through a crafted payload injected into the Product Title field when using the admin URL /public/admin/index.php?add_product. The vulnerability allows execution of arbitrary web scripts...

CVSS 5.4, AI score 5.2, EPSS 0.00538
Exploits 1, References 1, Affected Software 1
Prion
added 2022/05/03 4:15 a.m., 18 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 3.5, AI score 5.3, EPSS 0.00541
Exploits 0, References 1, Affected Software 1
Prion
added 2022/05/03 4:15 a.m., 18 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 3.5, AI score 5.3, EPSS 0.00541
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2022/05/03 3:16 a.m., 9 views

CVE-2022-20629 Cisco Firepower Management Center Software Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of...

CVSS 5.4, AI score 6, EPSS 0.00541
Exploits 0, References 1
Github Security Blog
added 2022/05/02 3:46 a.m., 24 views

TYPO3 Backend vulnerable to Cross-site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 3.5, AI score 5.3, EPSS 0.01537
Exploits 0, References 7, Affected Software 1
OSV
added 2022/05/01 7:2 a.m., 11 views

GHSA-MQ4X-8WHH-JX73 Improper Input Validation in Mortbay Jetty

jetty 6.0.x jetty6 beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations...

CVSS 5.3, AI score 6.6, EPSS 0.0135
Exploits 1, References 3
OSV
added 2022/05/01 2:25 a.m., 1 views

GHSA-G4FC-J79Q-GJRH Alkacon OpenCms XSS via username during login

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page...

CVSS 5.3, AI score 6, EPSS 0.01374
Exploits 0, References 5
Snyk
added 2022/04/23 12:40 a.m., 2 views

Cross-site Scripting (XSS)

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a crafted URL that points to Jenkins. An attacker can inject arbitrary web script or HTML by crafting a malicious URL. Details Cross-site...

CVSS 6.1, AI score 5.1, EPSS 0.01849
Exploits 0, References 2
OSV
added 2022/04/22 12:24 a.m., 9 views

GHSA-MCFM-J5G6-W26F Elgg Reflected XSS Vulnerability

VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...

CVSS 6.1, AI score 6.3, EPSS 0.01057
Exploits 1, References 8
Github Security Blog
added 2022/04/22 12:24 a.m., 18 views

Elgg Reflected XSS Vulnerability

VULNERABILITY DESCRIPTION The internalname parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser PROOF-OF-CONCEPT/EXPLOIT http...

CVSS 6.1, AI score 7.1, EPSS 0.01057
Exploits 1, References 8, Affected Software 1
CNVD
added 2022/04/22 12:0 a.m., 11 views

Cisco Unified CM and Unified CM SME Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. Unified Communications Manager Session Management Edition is the session management version of Unified Communications Manager. A cross-site scripting vulnerability exists in Unified CM an...

CVSS 6.1, AI score 2.5, EPSS 0.00779
Exploits 0, References 1
Prion
added 2022/04/21 7:15 p.m., 21 views

Cross site scripting

A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 4.3, AI score 6.1, EPSS 0.00761
Exploits 0, References 1
Cvelist
added 2022/04/21 6:50 p.m., 25 views

CVE-2022-20788 Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a...

CVSS 6.1, AI score 6.1, EPSS 0.00779
Exploits 0, References 1
Vulnrichment
added 2022/04/21 6:50 p.m., 11 views

CVE-2022-20778 Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 6.1, AI score 6.3, EPSS 0.00761
Exploits 0, References 1