
941 matches found

Prion
added 2023/02/01 8:15 p.m. · 18 views

Cross site scripting

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...

CVSS 5.8 · AI score 6 · EPSS 0.83581
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2023/02/01 12:0 a.m. · 6 views

ZOHO ManageEngine ServiceDesk Plus cross-site scripting vulnerability

ZOHO ManageEngine ServiceDesk Plus (SDP) is ITIL-based IT service management software from ZOHO (ZhuoHao), a company based in the United States. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management and oth...

CVSS 6.1 · AI score 6 · EPSS 0.83581
Exploits: 0 · References: 3

Vulnrichment
added 2023/02/01 12:0 a.m. · 6 views

CVE-2023-23074

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component...

AI score 6.1 · EPSS 0.83581
Exploits: 0 · References: 2

Prion
added 2023/01/21 1:15 a.m. · 19 views

Design/Logic Flaw

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...

CVSS 6.5 · AI score 9.1 · EPSS 0.01461
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/01/04 12:0 a.m. · 3 views

PT-2023-12688 · Ibm · Ibm Sterling B2B Integrator Standard Edition

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.1.2.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

CVSS 5.4 · AI score 5.5 · EPSS 0.00365
Exploits: 0 · References: 4

Hacker One
added 2022/12/10 3:23 p.m. · 7 views

MTN Group: Reflected cross site scripting (XSS) attacks Reflected XSS attacks,

The vulnerability summary is as follows: Reflected XSS attacks occur when a malicious script was reflected off of a web application to the victim's browser. The vulnerability was typically a result of incoming requests not being sufficiently sanitized, which allowed for the manipulation of a web...

AI score 6.2
Exploits: 0

CNNVD
added 2022/12/09 12:0 a.m. · 3 views

ZKTeco ZKBio Time cross-site scripting vulnerability

ZKTeco ZKBio Time is a powerful web-based time and attendance management software from ZKTeco, China. A security vulnerability exists in ZKTeco ZKBio Time prior to version 3.1-164, which originates from a vulnerability that allows users to embed malicious code in the Web UI...

CVSS 4.8 · AI score 5.3 · EPSS 0.00409
Exploits: 1 · References: 2

Vulnrichment
added 2022/12/07 4:40 p.m. · 7 views

CVE-2022-41735 IBM Business Process Manager cross-site scripting

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS 5.4 · AI score 6.1 · EPSS 0.00385
Exploits: 0 · References: 2

BDU FSTEC
added 2022/12/07 12:0 a.m. · 6 views

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.2 · EPSS 0.01758
Exploits: 0 · References: 3

BDU FSTEC
added 2022/12/07 12:0 a.m. · 6 views

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.2 · EPSS 0.01758
Exploits: 0 · References: 2

BDU FSTEC
added 2022/12/07 12:0 a.m. · 4 views

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 · AI score 8.2 · EPSS 0.01758
Exploits: 0 · References: 2

OSV
added 2022/11/10 12:0 p.m. · 50 views

RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator

Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...

CVSS 7.4 · AI score 6.4 · EPSS 0.00577
Exploits: 0 · References: 4

CVE
added 2022/11/10 7:30 a.m. · 73 views

CVE-2022-43754

CVE-2022-43754 describes an XSS vulnerability in spacewalk/Uyuni within the SUSE Manager Server ecosystem (SUSE Manager Server 4.2 and 4.3). The issue is caused by improper neutralization of input during web page generation, allowing remote attackers to embed Javascript via the path /rhn/audit/sc...

CVSS 5.4 · AI score 4.7 · EPSS 0.00382
Exploits: 0 · References: 1 · Affected Software: 2

Positive Technologies
added 2022/11/03 12:0 a.m. · 5 views

PT-2022-20207 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

CVSS 5.4 · AI score 5.3 · EPSS 0.00406
Exploits: 0 · References: 3

Positive Technologies
added 2022/11/03 12:0 a.m. · 5 views

PT-2022-22937 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

CVSS 5.4 · AI score 5.3 · EPSS 0.00406
Exploits: 0 · References: 2

Positive Technologies
added 2022/10/24 12:0 a.m. · 2 views

PT-2022-10051 · Seppmail · Seppmail

Name of the Vulnerable Software and Affected Versions: SEPPMail affected versions not specified Description: The issue arises from incorrect embedding of user input in the web page, leading to cross-site scripting vulnerabilities (XSS). Recommendations: At the moment, there is no information about ...

CVSS 6.1 · AI score 6.2 · EPSS 0.00423
Exploits: 1 · References: 3

ATTACKERKB
added 2022/10/11 7:15 p.m. · 1 views

CVE-2022-38031

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 7.5 · EPSS 0.01476
Exploits: 0 · References: 3 · Affected Software: 25

OSV
added 2022/10/11 7:15 p.m. · 2 views

CVE-2022-37982

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 5.9 · EPSS 0.01476
Exploits: 0 · References: 2

Vulnrichment
added 2022/09/28 3:55 p.m. · 6 views

CVE-2022-35722

IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381...

CVSS 6.4 · AI score 5.2 · EPSS 0.00373
Exploits: 0 · References: 2

UbuntuCve
added 2022/09/15 4:15 a.m. · 29 views

CVE-2022-40736

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4CttsAtom::Create in Core/Ap4CttsAtom.cpp...

CVSS 6.5 · AI score 6.6 · EPSS 0.00592
Exploits: 1 · References: 2