Lucene search
K

7613 matches found

Cvelist
Cvelist
added 2021/08/18 5:36 a.m.17 views

CVE-2021-20766

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.5AI score0.00757EPSS
Exploits0References2
CVE
CVE
added 2021/08/18 5:36 a.m.53 views

CVE-2021-20766

CVE-2021-20766 is a cross-site scripting vulnerability in Cybozu Garoon, affecting 4.0.0 through 5.0.2 in the Message component. An attacker can inject arbitrary scripts via unspecified vectors, potentially leading to code execution in a logged-in user’s browser. The connected records confirm the...

6.1CVSS6.2AI score0.00757EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/18 5:36 a.m.19 views

CVE-2021-20765

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...

6.5AI score0.008EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/18 5:35 a.m.16 views

CVE-2021-20753

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

6AI score0.00605EPSS
Exploits0References2
OSV
OSV
added 2021/08/16 7:15 p.m.2 views

CVE-2021-34655

The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the /inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11...

6.1CVSS5.8AI score0.00844EPSS
Exploits1References2
Prion
Prion
added 2021/08/12 10:15 p.m.20 views

Cross site scripting

A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...

3.5CVSS5.5AI score0.00595EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/12 9:7 p.m.58 views

CVE-2020-20990

CVE-2020-20990 is a cross-site scripting (XSS) vulnerability in Domainmod 4.13 that affects the /segments/edit.php Segment Name parameter. The underlying issue is lack of proper validation of user-supplied data, allowing attackers to inject arbitrary web scripts or HTML. The affected component is...

5.4CVSS5.4AI score0.00595EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/12 3:15 p.m.3 views

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

5.4CVSS5.6AI score0.00503EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.4 views

Maccms 跨站脚本漏洞

Maccms 10 is a PHP-based film and television content management system CMS. Maccms 10 is vulnerable to a cross-site scripting vulnerability, which originates from the ""wd"" parameter in the software's background search function that is not effectively restricted and checked, and can be exploited...

5.4CVSS5.5AI score0.00475EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.3 views

Eyoucms 跨站脚本漏洞

Zanzan Network Technology EyouCms EyouCms is a ThinkPHP-based open source content management system CMS from Zanzan Network Technology in China. version v1.4.1 of Eyoucms has a security vulnerability. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

5.4CVSS6AI score0.005EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/05 12:0 a.m.6 views

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. function in the /news-plugin.php file is vulnerable to a cross-site request forgery attack, which...

8.8CVSS5.7AI score0.0056EPSS
Exploits1References1
OSV
OSV
added 2021/08/02 9:15 p.m.5 views

CVE-2021-34632

The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request Forgery via the locconfig function found in the /seo-backlinks.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.0.1...

8.8CVSS5.8AI score0.0068EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.5 views

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin, which stems from the vulnerability to cross-site request forgery via the OptionsPage function in the php settings.php file, which allows an attacker to inject arbitrary we...

8.8CVSS7.8AI score0.007EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.7 views

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin admin-custom-login, which stems from the fact that the Admin Custom Login WordPress plugin is susceptible to cross-site request forgery attacks due to the loginbgSave found...

8.8CVSS7.6AI score0.007EPSS
Exploits2References3
NVD
NVD
added 2021/07/30 2:15 p.m.19 views

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

4.8CVSS0.00527EPSS
Exploits1References1
Prion
Prion
added 2021/07/30 2:15 p.m.15 views

Cross site scripting

Cross-site scripting vulnerability in GroupSession GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0 allows a remote attacker to inject...

3.5CVSS5.3AI score0.006EPSS
Exploits0References2Affected Software3
CNVD
CNVD
added 2021/07/27 12:0 a.m.21 views

SourceCodester E-Commerce Website Cross-Site Scripting Vulnerability

SourceCodester E-Commerce Website is an application. A PHP e-commerce website project for bookstores. SourceCodester E-Commerce Website v 1.0 is vulnerable to a cross-site scripting vulnerability that could be exploited to inject arbitrary web script or HTM into feedbackprocess.php via the subjec...

5.4CVSS0.9AI score0.00658EPSS
Exploits1References1
NCSC
NCSC
added 2021/07/27 12:0 a.m.6 views

Vulnerability fixed in CheckMK

A vulnerability has been fixed in CheckMK. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. CheckMK has released updates to fix t...

5.4CVSS6.7AI score0.0172EPSS
Exploits2
Hacker One
Hacker One
added 2021/07/25 8:33 p.m.86 views

U.S. Dept Of Defense: XSS due to CVE-2020-3580 [██████]

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the web services interface of an...

2.6CVSS1.5AI score0.85439EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 12:0 a.m.83 views

JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.6AI score0.00916EPSS
Exploits0
Rows per page
Query Builder