7613 matches found

Prion
added 2022/02/08 11:15 a.m. | 13 views

Cross site scripting

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

6.8 CVSS | 8.6 AI score | 0.03174 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/02/08 11:15 a.m. | 18 views

Cross site scripting

Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...

4.3 CVSS | 6.2 AI score | 0.00761 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/02/08 11:15 a.m. | 17 views

Cross site scripting

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...

2.9 CVSS | 5.7 AI score | 0.00353 EPSS
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/02/08 11:15 a.m. | 13 views

Cross site scripting

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...

3.5 CVSS | 5 AI score | 0.00842 EPSS
Exploits 0 | References 5

CVE
added 2022/02/08 10:30 a.m. | 53 views

CVE-2022-22146

CVE-2022-22146 affects TransmitMail (PHP) versions 2.5.0–2.6.1. Public docs identify two issues: (1) a directory traversal vulnerability (CWE-22) that can allow reading arbitrary files, and (2) a cross-site scripting vulnerability (CWE-79) that can inject scripts into a user’s browser. The CVE de...

6.1 CVSS | 6.1 AI score | 0.00761 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/02/08 10:30 a.m. | 20 views

CVE-2022-21805

Reflected cross-site scripting vulnerability in the attached file name of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...

6.2 AI score | 0.00955 EPSS
Exploits 0 | References 2

Cvelist
added 2022/02/08 10:30 a.m. | 26 views

CVE-2022-21799

Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors...

6.1 AI score | 0.00353 EPSS
Exploits 0 | References 2

CVE
added 2022/02/08 10:30 a.m. | 56 views

CVE-2022-21241

CSV+ prior to 0.8.1 is vulnerable to cross-site scripting: a remote unauthenticated attacker can inject arbitrary script or OS commands via a specially crafted CSV containing an HTML tag. Affected versions are CSV+ before 0.8.1; remediation is to update to v0.8.1 or later. CVSS details in source...

9.6 CVSS | 8.6 AI score | 0.03174 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/02/08 10:30 a.m. | 24 views

CVE-2022-21241

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag...

8.9 AI score | 0.03174 EPSS
Exploits 0 | References 2

Cvelist
added 2022/02/08 10:30 a.m. | 18 views

CVE-2021-20877

Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series...

5.3 AI score | 0.00842 EPSS
Exploits 0 | References 5

CVE
added 2022/02/08 10:30 a.m. | 48 views

CVE-2021-20877

CVE-2021-20877 is a stored cross-site scripting (XSS) vulnerability affecting Canon laser printers and related small office multifunction devices (many LBP, MF, imageRUNNER series) sold in Japan, the US, and Europe. The issue allows remote attackers to inject arbitrary script via unspecified vect...

4.8 CVSS | 5 AI score | 0.00842 EPSS
Exploits 0 | References 5 | Affected Software 34

Japan Vulnerability Notes
added 2022/02/08 7:33 a.m. | 3 views

CSV+ vulnerable to cross-site scripting

Overview: CSV+ provided by Plus one is a tabbed CSV editor. CSV+ contains a cross-site scripting vulnerability (CWE-79). Satoki Tsuji reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If a CSV file containing a t...

9.6 CVSS | 6.2 AI score | 0.03174 EPSS
Exploits 0 | References 5

Prion
added 2022/02/07 3:15 a.m. | 19 views

Design/Logic Flaw

Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in work flow management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

4 CVSS | 5.1 AI score | 0.00597 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/01/28 8:15 p.m. | 17 views

CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to an edit policy file. Affected Products:...

6.1 CVSS | 0.00745 EPSS
Exploits 0 | References 1

OSV
added 2022/01/28 8:15 p.m. | 1 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

6.1 CVSS | 6.5 AI score | 0.00745 EPSS
Exploits 0 | References 1

Prion
added 2022/01/28 8:15 p.m. | 20 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

4.3 CVSS | 6.2 AI score | 0.00745 EPSS
Exploits 0 | References 1 | Affected Software 2

Prion
added 2022/01/28 8:15 p.m. | 23 views

Cross site scripting

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbitrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

4.3 CVSS | 6.2 AI score | 0.00745 EPSS
Exploits 0 | References 1 | Affected Software 2

OSV
added 2022/01/28 7:15 p.m. | 16 views

CVE-2022-22868

Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability that allows attackers to inject arbitrary script via name parameters...

4.8 CVSS | 6.2 AI score | 0.00857 EPSS
Exploits 1 | References 3

Cvelist
added 2022/01/28 7:9 p.m. | 20 views

CVE-2021-22810

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing to a delete policy file. Affected Products:...

6.4 AI score | 0.00749 EPSS
Exploits 0 | References 1

CNNVD
added 2022/01/27 12:0 a.m. | 5 views

GLPI cross-site scripting vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build a database to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges...

6.1 CVSS | 5.7 AI score | 0.0096 EPSS
Exploits 0 | References 5