Lucene search

10 matches found

NVD
added 2026/05/23 7:16 p.m. | 15 views

CVE-2018-25349

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

CVSS: 6.1 | EPSS: 0.00155
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/23 6:30 p.m. | 10 views

CVE-2018-25349

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/23 6:30 p.m. | 9 views

CVE-2018-25349 userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00155
Exploits: 0 | References: 2
CNNVD
added 2026/05/23 12:00 a.m. | 8 views

UserSpice Cross-Site Scripting Vulnerability

UserSpice is an open-source PHP framework for user management and identity authentication developed by UserSpice. Version 4.3.24 of userSpice contains a cross-site scripting vulnerability. This vulnerability stems from the injection of malicious scripts through the X-Forwarded-For HTTP header,...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00155
Exploits: 0 | References: 2
OSV
added 2025/10/30 10:15 p.m. | 3 views

CVE-2022-50585

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00405
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/30 9:34 p.m. | 5 views

CVE-2022-50585 Nagios XI < 5.8.9 Core Config Manager (CCM) XSS via Audit Log Page Search Input

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.7 / Nagios XI 5.8.9 contains a cross-site scripting XSS vulnerability via the Audit Log page search input. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in...

CVSS: 5.1 | AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 2
CVE
added 2025/10/30 9:34 p.m. | 13 views

CVE-2022-50585

Nagios XI Core Config Manager (CCM) is affected in versions earlier than CCM 3.1.7 / Nagios XI 5.8.9 by a cross-site scripting (XSS) vulnerability via the Audit Log page search input. The issue stems from insufficient validation/escaping of user input, enabling an attacker to inject and execute a...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00405
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/10/30 12:00 a.m. | 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.8.7, which stems from insufficient...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00383
Exploits: 0 | References: 2
RedhatCVE
added 2025/04/05 7:29 p.m. | 20 views

CVE-2025-31119

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

CVSS: 7.6 | AI score: 7.9 | EPSS: 0.00457
Exploits: 0 | References: 1
NVD
added 2023/02/16 7:15 p.m. | 17 views

CVE-2022-43954

An insertion of sensitive information into log file vulnerability CWE-532 in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page...

CVSS: 6.5 | AI score: 4.7 | EPSS: 0.00687
Exploits: 0 | References: 1