Lucene search
K

172 matches found

Prion
Prion
added 2023/04/24 5:15 p.m.26 views

Input validation

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

4.9CVSS5.4AI score0.00371EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/24 5:15 p.m.25 views

Input validation

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

6.5CVSS8.7AI score0.0059EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/24 12:0 a.m.30 views

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

6.8CVSS6.7AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2023/04/05 9:30 p.m.45 views

GHSA-776F-QX25-Q3CC xml2js is vulnerable to prototype pollution

xml2js versions before 0.5.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.3AI score0.01404EPSS
Exploits1References6
NVD
NVD
added 2023/04/05 8:15 p.m.12 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS5.4AI score0.01404EPSS
Exploits1References4
OSV
OSV
added 2023/04/05 8:15 p.m.2 views

UBUNTU-CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS7.1AI score0.01404EPSS
Exploits1References5
Prion
Prion
added 2023/04/05 8:15 p.m.13 views

Code injection

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5CVSS5.3AI score0.01404EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2023/04/05 8:15 p.m.66 views

CVE-2023-0842

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS6.8AI score0.01404EPSS
Exploits1References4
OSV
OSV
added 2023/04/05 12:0 a.m.3 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.3CVSS6.5AI score0.01404EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/04/05 12:0 a.m.4 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

6.3AI score0.01404EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/04/05 12:0 a.m.13 views

CVE-2023-0842 xml2js 0.4.23 - Prototype Pollution

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited...

5.4AI score0.01404EPSS
Exploits1References4
NVD
NVD
added 2023/04/04 11:15 p.m.19 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2023/04/04 11:15 p.m.10 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS7AI score
Exploits0References2
Prion
Prion
added 2023/04/04 11:15 p.m.33 views

Xxe

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user...

5.8CVSS8AI score0.00597EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/04/04 11:15 p.m.14 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.37 views

CVE-2023-0835 markdown-pdf 11.0.0 - Local File Read via Server Side XSS

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user...

8.3AI score0.00597EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.20 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
CVE
CVE
added 2023/04/04 12:0 a.m.57 views

CVE-2023-0486

CVE-2023-0486 affects VitalPBX version 3.2.3-8, where an unauthenticated attacker can obtain the instance administrator account via a malicious link due to a cross-site scripting (XSS) flaw. The connected documents consistently identify the same vulnerability and affected version; no official pat...

6.1CVSS6.1AI score0.00432EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/04 12:0 a.m.6 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.8AI score0.00486EPSS
Exploits1References2
OSV
OSV
added 2023/02/09 4:15 p.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.8AI score0.00486EPSS
Exploits1References2
Rows per page
Query Builder