Lucene search
K

1119288 matches found

Nuclei
Nuclei
added yesterday104 views

npm ansi_up v4 - Cross-Site Scripting

npm package ansiup v4 is vulnerable to cross-site scripting because ANSI escape codes can be used to create HTML hyperlinks. id: CVE-2021-3377 info: name: npm ansiup v4 - Cross-Site Scripting author: geeknik severity: medium description: npm package ansiup v4 is vulnerable to cross-site scripting...

6.1CVSS6.3AI score0.08EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday20 views

KodExplorer - Cross-Site Scripting

KodExplorer is susceptible to a reflected cross-site scripting XSS vulnerability in the file view functionality.The vulnerability exists in app/template/api/view.html where user-supplied input in the 'path' parameter is directly echoed without proper sanitization.This allows attackers to inject...

6.1CVSS6.4AI score0.00705EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday73 views

SysAid Technologies 20.3.64 b14 - Cross-Site Scripting

SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI. id: CVE-2021-30049 info: name: SysAid Technologies 20.3.64 b14 - Cross-Site Scripting author: daffainfo severity: medium description: SysAid 20.3.64 b14 contains a cross-site scripting vulnerabilit...

6.1CVSS6.4AI score0.0247EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday132 views

WordPress Jannah Theme <5.4.5 - Cross-Site Scripting

WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action. id: CVE-2021-24407 info: name: WordPress Jannah Theme 5.4.5 - Cross-Site Scripting author: pikpikcu severity:...

6.1CVSS6.4AI score0.02697EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday72 views

WordPress WHMCS Bridge <6.4b - Cross-Site Scripting

WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the error parameter before outputting it back in the admin dashboard. id: CVE-2021-25112 info: name: WordPress WHMCS Bridge 6.4b - Cross-Site Scripting author:...

6.1CVSS6.4AI score0.02187EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday126 views

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the devicegraphpage.php script via the deviceid parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. id: CVE-2021-21802 info: name: Advantech R-SeeNet - Cross-Site Scripting author:...

9.6CVSS6.9AI score0.63415EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday163 views

UpdraftPlus < 1.22.9 - Cross-Site Scripting

The plugin does not sanitise and escape the updraftinterval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting XSS vulnerability. id: CVE-2022-0864 info: name: UpdraftPlus 1.22.9 - Cross-Site Scripting author: DhiyaneshDk severity: medium description...

6.1CVSS6.4AI score0.07355EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday58 views

WordPress Embed Swagger <=1.0.0 - Cross-Site Scripting

WordPress Embed Swagger plugin 1.0.0 and prior contains a reflected cross-site scripting vulnerability due to insufficient escaping/sanitization and validation via the url parameter found in the /swagger-iframe.php file, which allows attackers to inject arbitrary web scripts onto the page. id:...

6.1CVSS6.4AI score0.03865EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday73 views

WebTareas 2.4p5 - Cross-Site Scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...

5.4CVSS6.3AI score0.01037EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday63 views

Kae's File Manager <=1.4.7 - Cross-Site Scripting

Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.5AI score0.01346EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday34 views

WordPress RSS Aggregator < 4.20 - Authenticated Cross-Site Scripting

WordPress RSS Aggregator 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to reflected cross-site scripting. id: CVE-2022-0189 info: name: WordPress...

6.1CVSS5.9AI score0.02228EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday60 views

Jeedom <=4.0.38 - Cross-Site Scripting

Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-9036 info: name: Jeedom =4.0.38 - Cross-Site Scripting author: pikpikcu severity: medium...

6.1CVSS6.6AI score0.03587EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday44 views

PacsOne Server <7.1.1 - Cross-Site Scripting

PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting. id: CVE-2020-29164 info: name: PacsOne Server 7.1.1 - Cross-Site Scripting author: geeknik severity: medium description: PacsOne Server PACS Server In One Box below 7.1.1 is vulnerable to cross-site scripting...

6.1CVSS6.1AI score0.05355EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday84 views

Jeesns 1.4.2 - Cross-Site Scripting

Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. id: CVE-2020-19295 info: name: Jeesns 1.4.2 - Cross-Site Scripting author:...

6.1CVSS6.6AI score0.03509EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday77 views

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting XSS vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. id: CVE-2020-35986 info: name: Rukovoditel = 2.7.2 - Cross Sit...

5.4CVSS6.1AI score0.01109EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday41 views

PHPGurukul Hospital Management System - Cross-Site Scripting

PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2020-5191 info: name: PHPGurukul Hospital Management System -...

6.1CVSS6.6AI score0.0552EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday67 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

6.1CVSS6.3AI score0.11696EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday53 views

Revive Adserver <=5.0.3 - Cross-Site Scripting

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php...

6.1CVSS6.6AI score0.07055EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday65 views

D-Link DIR-816L 2.x - Cross-Site Scripting

D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting us...

6.1CVSS6.6AI score0.02835EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday53 views

Nova Lite < 1.3.9 - Cross-Site Scripting

Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php. id: CVE-2020-17362 info: name: Nova Lite 1.3.9 - Cross-Site Scripting author: daffainfo severity: medium description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site...

6.1CVSS6.4AI score0.02873EPSS
Exploits1References4
Rows per page
Query Builder