
7613 matches found

Prion
added 2021/06/21 8:15 p.m., 15 views

Input validation

The Admin Columns Free WordPress plugin before 4.3 and the Admin Columns Pro WordPress plugin before 5.5.1 rendered input on the posted pages with improper input validation of the value passed into the field 'Label' parameter. Taking advantage of this, an authenticated attacker can supply a...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.00997
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2021/06/21 12:0 a.m., 3 views

WordPress plugin Admin Columns Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00997
Exploits: 1 | References: 3
CNNVD
added 2021/06/17 12:0 a.m., 3 views

Hitachi Application Server Cross-Site Scripting Vulnerability

Hitachi Application Server is a server from Hitachi, Japan. A cross-site scripting vulnerability exists in Hitachi Application Server that could allow a remote attacker to inject arbitrary script via an unspecified vector...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.00754
Exploits: 0 | References: 3
Vulnrichment
added 2021/06/16 5:45 p.m., 15 views

CVE-2021-1395 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not...

CVSS: 4.7 | AI score: 6 | EPSS: 0.00813
Exploits: 0 | References: 1
Exploit DB
added 2021/06/10 12:0 a.m., 411 views

TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS); Date: 2021/09/06; Exploit Author: Mert Daş; Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip; Software web: https://textpattern.com/; Tested on: Server: Xampp. TextPattern is pron...

AI score: 7.4
Exploits: 0
OSV
added 2021/06/08 11:10 p.m., 24 views

GHSA-RCP4-JM2V-MR3F Cross-site scripting in Shopizer

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customername in various forms of store administration. It is saved in the database. The code is executed for any user of store administration when informati...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.0285
Exploits: 2 | References: 4
OSV
added 2021/06/08 8:10 p.m., 16 views

GHSA-V9W8-HQ92-V39M Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00731
Exploits: 0 | References: 4
GitHub Security Blog
added 2021/06/08 8:10 p.m., 49 views

Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00731
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2021/06/08 8:10 p.m., 13 views

GHSA-24P5-X9F9-VVPX Cross-site Scripting (XSS) in baserCMS

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00731
Exploits: 0 | References: 3
CNNVD
added 2021/06/03 12:0 a.m., 7 views

YzmCMS Cross-Site Scripting Vulnerability

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. A cross-site scripting vulnerability exists in the /admin/systemmanage/userconfigedit.html page of YzmCMS version 5.8; an attacker can use the vulnerability to inject...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00503
Exploits: 1 | References: 1
CNVD
added 2021/06/02 12:0 a.m., 7 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

CVSS: 4.8 | AI score: 6.5 | EPSS: 0.00534
Exploits: 1 | References: 1
CNNVD
added 2021/06/02 12:0 a.m., 7 views

Mozilla Firefox Cross-Site Scripting Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Firefox 3.6.24 and versions between 4.x and 7. An attacker can exploit this vulnerability to inject arbitrary web script or HTML to execute client-side co...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00761
Exploits: 0 | References: 1
CNNVD
added 2021/06/01 12:0 a.m., 5 views

Fastspot BigTree Cross-Site Scripting Vulnerability

Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL from Fastspot Inc. in the United States. A cross-site scripting vulnerability exists in BigTree CMS version 4.4.10 and prior versions that allows an authenticated attacker to update the site's index.php...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00604
Exploits: 1 | References: 1
BDU FSTEC
added 2021/06/01 12:0 a.m., 5 views

The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

CVSS: 7.2 | AI score: 7 | EPSS: 0.00569
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2021/06/01 12:0 a.m., 5 views

CMS Made Simple Cross-Site Scripting Vulnerability

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00534
Exploits: 1 | References: 1
OSV
added 2021/05/28 8:15 p.m., 4 views

CVE-2020-26642

A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00662
Exploits: 1 | References: 1
Prion
added 2021/05/27 9:15 a.m., 20 views

Cross site scripting

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01036
Exploits: 0 | References: 3 | Affected Software: 1
GitHub Security Blog
added 2021/05/25 6:46 p.m., 59 views

Cross-site Scripting in OpenNMS Horizon

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since ther...

CVSS: 4.8 | AI score: 3.3 | EPSS: 0.0102
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2021/05/25 12:0 a.m., 20 views

Cisco Adaptive Security Appliance Software Web-Based Management Interface Reflected XSS (cisco-sa-asa-rxss-L54Htxp)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...

CVSS: 6.1 | AI score: 7.3 | EPSS: 0.00823
Exploits: 0 | References: 3
NVD
added 2021/05/24 4:15 a.m., 9 views

CVE-2021-20725

Reflected cross-site scripting vulnerability in the admin page of Calendar01 free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVSS: 6.1 | EPSS: 0.00777
Exploits: 0 | References: 2