Lucene search
K

365 matches found

Prion
Prion
added 2017/11/15 8:29 a.m.29 views

Design/Logic Flaw

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

5CVSS8.6AI score0.01606EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2017/11/15 8:29 a.m.24 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

7.5CVSS7.1AI score0.01606EPSS
Exploits0References3
NVD
NVD
added 2017/11/15 8:29 a.m.17 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

7.5CVSS7.8AI score0.01606EPSS
Exploits0References3
OSV
OSV
added 2017/11/15 8:29 a.m.1 views

DEBIAN-CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

7.5CVSS8.3AI score0.01606EPSS
Exploits0References1
OSV
OSV
added 2017/11/15 8:29 a.m.26 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

7.5CVSS9.5AI score
Exploits0References3
CVE
CVE
added 2017/11/15 8:0 a.m.76 views

CVE-2017-8815

CVE-2017-8815 affects MediaWiki’s language converter: unsafe attribute injection via glossary rules in versions before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2. This metadata is supported by multiple advisories (Debian DSA-4036, Arch ASA-2017-11-20, Mageia/MEDIAWiki notes). Impact d...

7.5CVSS8.5AI score0.01606EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/11/15 8:0 a.m.31 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

8.6AI score0.01606EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2017/11/15 8:0 a.m.37 views

CVE-2017-8815

The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...

7.5CVSS8.8AI score0.01606EPSS
Exploits0
FreeBSD
FreeBSD
added 2017/11/14 12:0 a.m.88 views

mediawiki -- multiple vulnerabilities

mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...

9.8CVSS7.6AI score0.07714EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/11/14 12:0 a.m.22 views

Debian: Security Advisory (DSA-4036-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.5AI score0.07714EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/01/25 12:0 a.m.51 views

FreeBSD : phpMyAdmin -- Multiple vulnerabilities (7721562b-e20a-11e6-b2e2-6805ca0b3d42)

The phpMyAdmin development team reports : Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...

9.8CVSS7AI score0.06711EPSS
Exploits1References9
Hacker One
Hacker One
added 2016/08/03 11:24 p.m.27 views

Algolia: Stored XSS from Display Settings triggered on Save and viewing realtime search demo

Here are the steps to trigger the XSS: 1. Create a JSON record that will contain the following attribute: "": "XSS attribute" 2. Go to Indices - Display and select the attribute under Attributes for Faceting and click save. 3. Note that XSS is triggered multiple times on that page. 4. XSS is now...

0.5AI score
Exploits0
CNVD
CNVD
added 2016/07/05 12:0 a.m.4 views

phpMyAdmin Injection Attack Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...

4.3CVSS7.7AI score0.01689EPSS
Exploits0References1
NVD
NVD
added 2016/07/03 1:59 a.m.18 views

CVE-2016-5702

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS4.6AI score0.01689EPSS
Exploits0References3
Prion
Prion
added 2016/07/03 1:59 a.m.23 views

Design/Logic Flaw

phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...

4.3CVSS7.1AI score0.01689EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2016/07/03 1:0 a.m.68 views

CVE-2016-5702

CVE-2016-5702 affects phpMyAdmin 4.6.x prior to 4.6.3. The vulnerability arises when the environment lacks PHP_SELF, enabling cookie-attribute injection via a crafted URI. Affected component is the web management interface; the root cause is missing PHP_SELF handling that allows manipulation of c...

4.3CVSS6.3AI score0.01689EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2015/04/27 12:0 a.m.13 views

WordPress 4.2 - Persistent Cross-Site Scripting

WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...

6.8AI score
Exploits0
NVD
NVD
added 2014/12/15 6:59 p.m.13 views

CVE-2014-6254

Multiple cross-site scripting XSS vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a 1 device name, 2 device detail, 3 report name, 4 report detail, or 5 portlet name, or 6 a string to a helper method, aka ZEN-15381...

4.3CVSS5.8AI score0.01181EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

Opera 7.0/7.10 JavaScript Console Single Quote Attribute Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.8 views

Opera 7.0 JavaScript Console Attribute Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...

7.1AI score
Exploits0
Rows per page
Query Builder