Lucene search
K

62 matches found

OSV
OSV
added 2020/10/12 4:15 a.m.2 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

5.4CVSS6.2AI score0.00944EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/10/12 3:15 a.m.34 views

CVE-2020-14184

Affected versions of Atlassian Jira Server allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability in Jira issue filter export files. The affected versions are before 8.5.9, from version 8.6.0 before 8.12.3, and from version 8.13.0 before 8.13.1...

5.3AI score0.00944EPSS
Exploits0References1
NVD
NVD
added 2019/08/23 2:15 p.m.26 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery CSRF vulnerability...

4.3CVSS4.7AI score0.00679EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/08/23 1:49 p.m.21 views

CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery CSRF vulnerability...

4.8AI score0.00679EPSS
Exploits0References1
CVE
CVE
added 2019/08/23 1:49 p.m.76 views

CVE-2019-8447

CVE-2019-8447 affects Atlassian Jira before 8.3.2, where the ServiceExecutor resource is vulnerable to CSRF, enabling remote attackers to trigger the creation of export files. The issue is noted in multiple sources (NVD entry; Jira RS-69776 ticket; Nessus summary for Jira

4.3CVSS4.8AI score0.00679EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2019/08/09 3:20 a.m.29 views

CSRF in the ServiceExecutor resource - CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery CSRF vulnerability...

4.3CVSS5.2AI score0.00679EPSS
Exploits0
Atlassian
Atlassian
added 2019/08/09 3:20 a.m.46 views

CSRF in the ServiceExecutor resource - CVE-2019-8447

The ServiceExecutor resource in Jira before version 8.3.2 allows remote attackers to trigger the creation of export files via a Cross-site request forgery CSRF vulnerability...

4.3CVSS7AI score0.00679EPSS
Exploits0Affected Software1
CVE
CVE
added 2019/04/21 10:6 p.m.48 views

CVE-2019-11428

CVE-2019-11428 affects I, Librarian 4.10 and is exposed via XSS in the export.php export_files parameter. Root cause: improper handling of the export_files input leading to cross-site scripting. Impact and exploitability: not detailed beyond XSS; no in-the-wild exploit information provided. Remed...

6.1CVSS5.9AI score0.00869EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/04/21 12:0 a.m.6 views

PT-2019-12307

Name of the Vulnerable Software and Affected Versions I, Librarian version 4.10 Description The issue is related to a security problem where an attacker can execute malicious scripts. This is achieved through the export files parameter in the "export.php" API endpoint. Recommendations For I,...

6.1CVSS6.8AI score0.00869EPSS
Exploits1References4
OSV
OSV
added 2018/11/14 1:29 a.m.4 views

CVE-2018-8582

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...

8.8CVSS6.4AI score0.18594EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/11/14 1:0 a.m.33 views

CVE-2018-8582

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522,...

8.4AI score0.18594EPSS
Exploits0References3
Veracode
Veracode
added 2017/10/24 3:50 a.m.28 views

Unauthorized File Overwrite

Apache Derby is vulnerable to unauthorized file overwrites. The library accepts the file:// protocol in the url, allowing a malicious user to overwrite existing files when exporting files...

7.5CVSS7.2AI score0.03797EPSS
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2017/08/10 12:0 a.m.30 views

GitLab -- two vulnerabilities

GitLab reports: Remote Command Execution in git client An external code review performed by Recurity-Labs identified a remote command execution vulnerability in git that could be exploited via the "Repo by URL" import option in GitLab. The command line git client was not properly escaping command...

8.8CVSS9.2AI score0.0354EPSS
Exploits1References1
OSV
OSV
added 2017/04/14 2:59 p.m.6 views

CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...

4.3CVSS5.8AI score0.01065EPSS
Exploits0References3
NVD
NVD
added 2017/04/14 2:59 p.m.18 views

CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...

4.3CVSS4.8AI score0.01065EPSS
Exploits0References3
Prion
Prion
added 2017/04/14 2:59 p.m.24 views

Code injection

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...

4CVSS4.7AI score0.01065EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/14 2:0 p.m.22 views

CVE-2017-7217

The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...

5.1AI score0.01065EPSS
Exploits0References3
CVE
CVE
added 2017/04/14 2:0 p.m.75 views

CVE-2017-7217

CVE-2017-7217 affects Palo Alto Networks PAN-OS: a flaw in the Management Web Interface allows an authenticated, remote attacker to write arbitrary data to temporary/export files due to improper validation of certain request parameters. This vulnerability impacts PAN-OS 7.0.x up to 7.0.13 and PAN...

4.3CVSS5AI score0.01065EPSS
Exploits0References3Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.513 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

2.9AI score0.01065EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2017/04/10 5:30 p.m.7 views

Tampering of temporary export files in the Management Web Interface

A vulnerability exists in the Management Web Interface that could allow an attacker to tamper with export files. The Management Web Interface does not properly validate specific request parameters which can potentially allow arbitrary data to be written to export files. Ref PAN- 70436 /...

4.3CVSS6.9AI score0.01065EPSS
Exploits0References1
Rows per page
Query Builder