Lucene search
K

135 matches found

OSV
OSV
added 2020/12/06 12:15 a.m.22 views

CVE-2020-29572

app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...

6.1CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2020/12/06 12:15 a.m.14 views

Design/Logic Flaw

app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field...

4.3CVSS5.9AI score0.00765EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/12/05 11:2 p.m.82 views

CVE-2020-29572

CVE-2020-29572 affects MISP 2.4.135, with a cross-site scripting vulnerability in the file app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp via the authkey comment field. The root cause is unsanitized input leading to XSS in the template rendering, enabling arbitrary script e...

6.1CVSS5.9AI score0.00765EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2020/08/31 8:31 p.m.70 views

Shopify: damage to the timeline so that comment fields cannot be displayed or not available to all members in the store

see https://a-alert-b-y000-b-finda.myshopify.com/admin/discounts/416981811222 I tried to make a discount code with a product name and a discount code like: ± ± when I havehtag the product name on the timeline comment and I get a "server error" reply and it causes crashes to the timeline, so...

0.2AI score
Exploits0
CVE
CVE
added 2020/04/15 1:13 p.m.71 views

CVE-2019-19500

CVE-2019-19500 affects Matrix42 Workspace Management 9.1.2.2765 and earlier. The vulnerability is a stored XSS in unfiltered description parameters of the WEB application (e.g., the comment field of a special software order). Root cause: lack of proper validation of client‑side data by the applic...

5.4CVSS5.2AI score0.00772EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2018/03/05 6:0 p.m.54 views

CVE-2017-18215

The CVE-2017-18215 entry concerns the image tool xv, version 3.10a. Affected component: xvpng.c in xv 3.10a. Root cause: memory corruption (out-of-bounds write) when decoding PNG comment fields due to an incorrect length value. Impact: potential crashes or code execution as stated in the sources....

9.8CVSS9.6AI score0.02286EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/02/26 12:0 a.m.3 views

PHP Scripts Mall Multi Language Olx Clone Script Cross Site Scripting Vulnerability

PHP Scripts Mall Multi Language Olx Clone Script is a set of PHP based scripts for multilingual information publishing websites from PHP Scripts Mall, India. A cross-site scripting vulnerability exists in PHP Scripts Mall Multi Language Olx Clone Script version 2.0.6. A remote attacker can exploi...

6.1CVSS6AI score0.02528EPSS
Exploits3References1
NVD
NVD
added 2018/02/12 3:29 a.m.31 views

CVE-2018-6845

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...

6.1CVSS6.1AI score0.02528EPSS
Exploits3References1
OSV
OSV
added 2018/02/12 3:29 a.m.5 views

CVE-2018-6845

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...

6.1CVSS5.8AI score0.02528EPSS
Exploits3References1
Cvelist
Cvelist
added 2018/02/12 3:0 a.m.28 views

CVE-2018-6845

PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field...

6.1AI score0.02528EPSS
Exploits3References1
Hacker One
Hacker One
added 2018/01/03 1:49 p.m.25 views

Paragon Initiative Enterprises: Airship: Persistent XSS via Comment

Affected: Airship 2.0.0 commit 15bdc0d CVSS ---- Medium 6.1 https://www.first.org/cvss/calculator/3.0CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Description ----------- The "name" field of a comment on a blog post is vulnerable to persistent XSS. When replying to a comment, the comment name is...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2015/04/27 11:56 a.m.12 views

Wordpress Stored Cross-Site Scripting Zero Day Vulnerability

WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Juoko Pynnonen of...

0.1AI score
Exploits0References2
Prion
Prion
added 2014/11/24 4:59 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Liferay Portal Enterprise Edition EE 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the 20body parameter in the comment field in an uploaded file...

3.5CVSS5.7AI score0.01514EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.10 views

Live Comment Preview 2.0.2 - Comment Field Preview XSS

The live-comment-preview WordPress plugin was affected by a Comment Field Preview XSS security vulnerability...

2.7AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2014/01/05 12:0 a.m.24 views

Hiox Guest Book 5.0 Cross Site Scripting

Exploit Title : HIOX GUEST BOOK 5.0 HGB-5.0 Cross Site Scripting Author : JoKeRStEx Tested On : Windows Download Software Link : www.hscripts.com/scripts/php/downloads/HGB.zip Date : 03/01/2014 + P.O.C prompt'JoKeRStEx'" prompt'xss email'" prompt'xss comment'" + For test The Exploit Example...

7.4AI score
Exploits0
NVD
NVD
added 2013/10/03 7:55 p.m.23 views

CVE-2013-5690

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 content with the text/xml MIME type or 2 the Status comment field of an appointment...

3.5CVSS5.4AI score0.00767EPSS
Exploits0References1
Prion
Prion
added 2013/10/03 7:55 p.m.25 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 content with the text/xml MIME type or 2 the Status comment field of an appointment...

3.5CVSS5.6AI score0.00767EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2012/02/06 8:21 p.m.33 views

Comment field on GH cards do not respect the comment visibility.

If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/02/06 8:21 p.m.36 views

Comment field on GH cards do not respect the comment visibility.

If you add the Comment field on any Issue Views on GH the field shows the latest comment but it doesn't inherit the comment visibility from Jira. This misbehaviour happens on Planning board and Task board with any GH views Summaries, Cards and Lists. Steps to Reproduce: Add the comment field to a...

0.5AI score
Exploits0
Prion
Prion
added 2010/04/26 7:30 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...

2.1CVSS5.7AI score0.00991EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder