Lucene search
+L

345 matches found

CNNVD
CNNVD
added 2022/02/15 12:0 a.m.3 views

Burden 跨站脚本漏洞

Josh Fradley Burden is a full-featured task management application written in Php by the individual developer Josh Fradley in Spain. Burden suffers from a security vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the...

6.1CVSS6.4AI score0.00775EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.7 views

Packagist microweber 跨站脚本漏洞

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A cross-site scripting vulnerability exists in Packagist microweber, which stems from a...

9.8CVSS7.2AI score0.00903EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/10 12:0 a.m.5 views

Piwigo 跨站脚本漏洞

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB...

6.1CVSS6.1AI score0.00786EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/23 12:0 a.m.24 views

vditor 跨站脚本漏洞

vditor is a browser-based Markdown editor that supports WYSIWYG, on-the-fly rendering similar to Typora, and split-screen preview modes. vditor suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker...

6.8CVSS5.3AI score0.00664EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/01/22 12:0 a.m.6 views

showdoc 跨站脚本漏洞

showdoc is an open source tool ideal for IT teams to share documents online. showdoc suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to execute client-side code...

6.5CVSS5.4AI score0.00642EPSS
Exploits1References3
OSV
OSV
added 2022/01/21 7:15 p.m.5 views

CVE-2021-43355

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

9.8CVSS5.8AI score0.00978EPSS
Exploits0References1
Prion
Prion
added 2022/01/21 7:15 p.m.17 views

Design/Logic Flaw

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 allows user input to be validated on the client side without authentication by the server. The server should not rely on the correctness of the data because users might not support or block JavaScript or intentionally bypa...

7.5CVSS9.5AI score0.00978EPSS
Exploits0References1Affected Software6
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.5 views

BigBlueButton 跨站脚本漏洞

BigBlueButton is an open source web conferencing system from the BigBlueButton Bigbluebutton community. bigbluebutton suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerabilit...

8.1CVSS6.9AI score0.0089EPSS
Exploits1References3
Huntr
Huntr
added 2022/01/16 5:57 p.m.9 views

in livehelperchat/livehelperchat

Lack of server side validation An admin can delete his/her account by bypassing client side validation 1.Login in application as admin. 2.Nagiate to settings and create another user. 3.Now see the list of user, an admin can only delete other user account rather than his/her. 4.Click on delete and...

0.8AI score
Exploits0
CNNVD
CNNVD
added 2022/01/13 12:0 a.m.4 views

Reprise Software Reprise License Manager 跨站脚本漏洞

Reprise Software Reprise License Manager is a software licensing toolkit from Reprise Software, Inc. that provides local and cloud-based license management, license enforcement and product activation solutions for publishers of commercial software applications.Reprise Software Reprise License...

6.1CVSS5.3AI score0.03241EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.3 views

Sourcecodester Vehicle Service Management System 跨站脚本漏洞

Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers t...

4.8CVSS5.3AI score0.01142EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.6 views

scratch-svg-renderer 跨站脚本漏洞

scratch-svg-renderer is a code library used by the Scratch team to convert SVG to DOM elements. scratch-Svg-Renderer suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in WEB applications, which can be exploited to execute client-si...

6.1CVSS5.4AI score0.00647EPSS
Exploits0References2
CNVD
CNVD
added 2022/01/05 12:0 a.m.67 views

BeyondTrust Remote Support Cross-Site Request Forgery Vulnerability

BeyondTrust Remote Support is a remote desktop access, help desk and collaboration software for Windows, Mac, Linux, Ios iPad, iPhone, etc. BeyondTrust Remote Support is vulnerable to cross-site request forgery. The vulnerability stems from the lack of proper validation of client-side data in the...

6.1CVSS2.8AI score0.28207EPSS
Exploits3References1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

Fresenius Kabi Agilia Connect Infusion System 授权问题漏洞

The Fresenius Kabi Agilia Connect Infusion System is an infusion system from Fresenius Kabi of Germany. A security vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System, which stems from an application that allows user input to be validated on the client side without server...

9.8CVSS8.3AI score0.00978EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/11/29 12:0 a.m.4 views

WordPress plugin Stylish Cost Calculator 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL.A cross-site scripting vulnerability exists in the WordPress Stylish Cost Calculator plugin, which stems...

5.4CVSS5.6AI score0.00307EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.6 views

JetBrains YouTrack 跨站脚本漏洞

JetBrains YouTrack, a browser-based bug tracking and project management software from JetBrains Czech Republic, is vulnerable to a cross-site scripting vulnerability in versions prior to JetBrains YouTrack 2021.3.24402. The vulnerability stems from the lack of proper validation of client-side dat...

5.4CVSS5.3AI score0.00546EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/26 12:0 a.m.6 views

Froala WYSIWYG Editor 跨站脚本漏洞

Froala WYSIWYG Editor is a software application. A beautiful JavaScript web editor that is easy for developers to integrate and your users will love its clean design. Froala WYSIWYG Editor suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side...

6.1CVSS6.1AI score0.0084EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/10/26 12:0 a.m.6 views

Shopware 跨站脚本漏洞

Shopware is a suite of open source e-commerce software from the German company Shopware.Shopware in versions prior to 5.7.6 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

5.7CVSS5.6AI score0.00737EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/10/19 12:0 a.m.4 views

Ibm Security Risk Manager on Cp4S 跨站脚本漏洞

Ibm Security Risk Manager on Cp4S is a security risk manager from Ibm USA. A security vulnerability exists in Ibm Security Risk Manager on Cp4S, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute...

5.4CVSS5.9AI score0.0048EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/10/14 12:0 a.m.17 views

OMERO.web跨站脚本漏洞

OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. A cross-site scripting vulnerability exists in omero-web that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit...

9.8CVSS6.1AI score0.01006EPSS
Exploits0References4
Rows per page
Query Builder