Lucene search
K

7613 matches found

Tenable Nessus
Tenable Nessus
added 2021/07/15 12:0 a.m.29 views

Cisco Identity Services Engine Stored XSS (cisco-sa-ise-stored-xss-TWwjVPdL)

According to its self-reported version, Cisco Identity Services Engine is affected by multiple stored cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user...

4.8CVSS5.5AI score0.00594EPSS
Exploits0References11
NVD
NVD
added 2021/07/14 2:15 a.m.12 views

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

6.1CVSS0.01118EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/07/14 1:20 a.m.24 views

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

6.1CVSS6.5AI score0.01118EPSS
Exploits0References3
CVE
CVE
added 2021/07/14 1:20 a.m.93 views

CVE-2021-20784

Summary of CVE-2021-20784 : The HTTP server in Voidtools Everything (versions 1.0, 1.1, 1.2; Lite version excluded) contains an HTTP header injection flaw that may allow a remote attacker to inject arbitrary scripts or alter pages used by the product. The condition is tied to the software’s HTTP ...

6.1CVSS6.4AI score0.01118EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2021/07/13 12:0 a.m.5 views

CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)

CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted load entered in the "New Article" field under the "Article" plugin...

5.4CVSS6.3AI score0.0045EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.3 views

Codoforum cross-site scripting vulnerability (CNVD-2021-50176)

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...

5.4CVSS6.3AI score0.00507EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.4 views

moziloCMS Stored Cross-Site Scripting Vulnerability

moziloCMS is open source a content management system CMS. A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted load by entering the "Content" parameter...

5.4CVSS7.1AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/12 12:0 a.m.8 views

dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)

dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

4.8CVSS6.1AI score0.00497EPSS
Exploits1References1
Hacker One
Hacker One
added 2021/07/10 9:40 a.m.18 views

GitLab: Stored XSS in main page of a project caused by arbitrary script payload in group "Default initial branch name"

Summary A stored XXS exists in the main page of a project. By changing the "default branch name" of a group a malicious user can inject arbitrary JavaScript into the main page of a project. Any user that is either at least developer of the project, or an administrator of the GitLab instance, and...

0.5AI score
Exploits0
CNNVD
CNNVD
added 2021/07/09 12:0 a.m.4 views

Dotcms dotCMS 跨站脚本漏洞

dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

4.8CVSS5.6AI score0.00497EPSS
Exploits1References2
NVD
NVD
added 2021/07/08 7:15 p.m.23 views

CVE-2021-1607

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

4.8CVSS0.00594EPSS
Exploits0References1
NVD
NVD
added 2021/07/08 7:15 p.m.12 views

CVE-2021-1575

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

6.1CVSS0.00813EPSS
Exploits0References1
Prion
Prion
added 2021/07/08 7:15 p.m.16 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

3.5CVSS4.9AI score0.00594EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/08 7:15 p.m.20 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

3.5CVSS4.9AI score0.00594EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/08 7:15 p.m.22 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

3.5CVSS4.9AI score0.00594EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/08 7:15 p.m.22 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

4.3CVSS5.9AI score0.00813EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/08 6:36 p.m.24 views

CVE-2021-1607 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user. These vulnerabilities exist because the web-based management interface does not...

4.8CVSS5.2AI score0.00594EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/07/08 6:30 p.m.10 views

CVE-2021-1575 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

6.1CVSS6.1AI score0.00813EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/08 6:30 p.m.14 views

CVE-2021-1575 Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

6.1CVSS6.1AI score0.00813EPSS
Exploits0References1
Prion
Prion
added 2021/07/08 4:15 p.m.13 views

Cross site scripting

A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...

4.3CVSS6.2AI score0.0115EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder