Lucene search
+L

35 matches found

Cvelist
Cvelist
added 2025/03/31 9:52 p.m.13 views

CVE-2025-31695 Link field display mode formatter - Moderately critical - Cross site scripting - SA-CONTRIB-2025-024

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Link field display mode formatter allows Cross-Site Scripting XSS.This issue affects Link field display mode formatter: from 0.0.0 before 1.6.0...

0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/31 12:0 a.m.3 views

PT-2025-13866 · Unknown · Rapidoc Oas Field Formatter

Name of the Vulnerable Software and Affected Versions: RapiDoc OAS Field Formatter versions 0.0.0 through 1.0.0 Description: The issue affects the RapiDoc OAS Field Formatter, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations: Fo...

6.1CVSS5.6AI score0.00242EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.6 views

Drupal RapiDoc OAS Field Formatter 跨站脚本漏洞

Drupal RapiDoc OAS Field Formatter is a Drupal community field formatter for Drupal. A cross-site scripting vulnerability exists in Drupal RapiDoc OAS Field Formatter versions prior to 1.0.1, which stems from improper input neutralization and could lead to a cross-site scripting attack...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References3
OSV
OSV
added 2025/03/19 6:53 p.m.8 views

DRUPAL-CONTRIB-2025-025

This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability XSS. A separate fix for Drupal cor...

6.1CVSS6.3AI score0.00242EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/19 12:0 a.m.5 views

Drupal RapiDoc OAS Field Formatter module < 1.0.1 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Joseph Zhao pandaski in WordPress Module RapiDoc OAS Field Formatter versions 1.0.1...

6.1CVSS5.8AI score0.00242EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:33 a.m.3 views

SUSE CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS8.3AI score0.01872EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/11/20 3:11 a.m.4 views

kibana: Cross-site scripting via the source field formatter

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS5.6AI score0.01872EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2018/09/24 8:49 p.m.28 views

CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

8CVSS4.6AI score0.01872EPSS
Exploits0References2
NVD
NVD
added 2018/09/19 7:29 p.m.25 views

CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS6AI score0.01872EPSS
Exploits0References3
OSV
OSV
added 2018/09/19 7:29 p.m.24 views

CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...

6.1CVSS5.4AI score
Exploits0References3
CVE
CVE
added 2018/09/19 7:0 p.m.110 views

CVE-2018-3830

Kibana CVE-2018-3830 is a cross-site scripting (XSS) vulnerability in the source field formatter affecting Kibana versions 5.3.0 through 6.4.1. The issue allows an attacker to obtain sensitive information from or perform actions on behalf of other Kibana users. Remediation provided by the linked ...

6.1CVSS5.9AI score0.01872EPSS
Exploits0References3Affected Software1
Elastic
Elastic
added 2018/09/19 1:18 a.m.9 views

Elastic Stack 6.4.1 and 5.6.12 security update

Kibana XSS issue ESA-2018-14 Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting XSS vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. Affected Versions Versions afte...

8.8CVSS5.2AI score0.01985EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/09/19 12:0 a.m.4 views

PT-2018-16224 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana versions 5.3.0 through 6.4.1 Description: A cross-site scripting XSS issue was found in the source field formatter, allowing an attacker to obtain sensitive information or perform actions on behalf of other users. Recommendations: For...

6.1CVSS7.2AI score0.01872EPSS
Exploits0References6
Cvelist
Cvelist
added 2015/04/21 6:0 p.m.22 views

CVE-2015-3385

Cross-site scripting XSS vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter...

5.3AI score0.00965EPSS
Exploits0References4
Prion
Prion
added 2012/12/26 5:55 p.m.16 views

Code injection

The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors...

2.6CVSS7AI score0.01162EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder