Lucene search
+L

154 matches found

CNNVD
CNNVD
added 2023/06/23 12:0 a.m.34 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A cross-site scripting vulnerability exists in xwiki-platform-web versions 2.2.1 through 14.4.8, xwiki-platform-web-templates versions prior to 14.4.8, 14.5 through 14.10.5...

9CVSS5.3AI score0.00714EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/14 12:0 a.m.7 views

PT-2023-5495 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

7.8CVSS7.4AI score0.00406EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/05/29 12:0 a.m.8 views

The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) lies in the use of dangerous methods or functions, allowing a perpetrator to execute arbitrary code.

The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow an attacker to execute arbitrar...

7.8CVSS7.6AI score0.00538EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.7 views

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing documents in PDF format from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor, which is caused by a buffer overflow problem in the handling of Doc objects...

5.5CVSS5.3AI score0.0073EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.6 views

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve reading data beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow attackers to gai...

5.5CVSS5.8AI score0.00528EPSS
Exploits0References2Affected Software4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in PDF-XChange Editor that originates from a problem with the parsing of certain PDF files...

5.5CVSS5.3AI score0.00341EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.6 views

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor that stems from problems parsing certain PDF files...

7.8CVSS7.5AI score0.00377EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.4 views

Tracker Software PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A security vulnerability exists in Tracker Software PDF-XChange Editor that stems from a problem with the parsing of certain U3D files...

7.8CVSS7.2AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.7 views

PDF-XChange Editor 缓冲区错误漏洞

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor that stems from problems parsing certain JP2 files...

5.5CVSS5.6AI score0.00332EPSS
Exploits0References3
NVD
NVD
added 2023/01/23 3:15 p.m.26 views

CVE-2021-43446

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...

6.1CVSS6AI score0.00824EPSS
Exploits1References3
OSV
OSV
added 2023/01/23 3:15 p.m.24 views

CVE-2021-43449

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...

8.1CVSS8AI score
Exploits0References3
NVD
NVD
added 2023/01/23 3:15 p.m.18 views

CVE-2021-43447

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...

7.5CVSS7.7AI score0.01254EPSS
Exploits1References3
OSV
OSV
added 2023/01/23 3:15 p.m.12 views

CVE-2021-43446

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...

6.1CVSS6AI score
Exploits0References3
Prion
Prion
added 2023/01/23 3:15 p.m.29 views

Cross site scripting

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting XSS. The "macros" feature of the document editor allows malicious cross site scripting payloads to be used...

5.8CVSS5.9AI score0.00824EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/01/23 3:15 p.m.27 views

Server side request forgery (ssrf)

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...

5.8CVSS7.9AI score0.01249EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/01/23 3:15 p.m.20 views

Authentication flaw

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication...

5CVSS7.7AI score0.01254EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.5 views

ONLYOFFICE 跨站脚本漏洞

Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in all versions of ONLYOFFICE prior to 2021-11-08 that stems from vulnerability to cross-site scripting XSS attacks. The "macros" feature of the document editor allows the use of malicio...

6.1CVSS5.8AI score0.00824EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/01/23 12:0 a.m.17 views

CVE-2021-43449

ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery SSRF. The document editor service can be abused to read and serve arbitrary URLs as a document...

8.2AI score0.01249EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/01/23 12:0 a.m.32 views

CVE-2021-43445

ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key...

9.6AI score0.01707EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/23 12:0 a.m.6 views

PT-2023-12450 · Unknown · Onlyoffice

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE versions prior to the version released after 2021-11-08 Description: The issue concerns a Cross Site Scripting XSS problem. The "macros" feature of the document editor in ONLYOFFICE allows malicious cross site scripting payloads to...

6.1CVSS5.8AI score0.00824EPSS
Exploits1References14
Rows per page
Query Builder