Lucene search
K

15795 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:27 a.m.8 views

CVE-2013-3375

Cross-site scripting XSS vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798...

4.3CVSS5.8AI score0.00942EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:23 a.m.8 views

CVE-2013-5706

Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and 1 crafted event attributes or 2 greater than characters that are optional within a browser's...

4.3CVSS5.8AI score0.01141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:22 a.m.8 views

CVE-2013-1778

Cross-site scripting XSS vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons...

2.1CVSS5.4AI score0.00941EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:21 a.m.5 views

CVE-2013-1887

Multiple cross-site scripting XSS vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields...

2.1CVSS5.6AI score0.02046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:20 a.m.4 views

CVE-2013-1760

The Bug Genie before 3.2.6 has Multiple XSS and HTML Injection Vulnerabilities...

6.1CVSS6.4AI score0.01149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 a.m.7 views

CVE-2019-25148

The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.9.0.3 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrato...

6.1CVSS7.1AI score0.0075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.7 views

CVE-2019-14758

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application assuming the victim chooses to download th...

6.1CVSS7AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.9 views

CVE-2019-14760

An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's...

4.4CVSS6.9AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.10 views

CVE-2019-14759

An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio...

4.4CVSS6.9AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.11 views

CVE-2019-14757

An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application assuming the victim chooses to import the file. At a...

6.1CVSS7AI score0.00835EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.9 views

CVE-2019-10349

A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

5.4CVSS5.6AI score0.03885EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 a.m.3 views

CVE-2019-10887

A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...

6.1CVSS7.2AI score0.05817EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.13 views

CVE-2019-19134

The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...

6.1CVSS5.8AI score0.05651EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:6 a.m.8 views

CVE-2019-13068

public/app/features/panel/panelctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links via the Title or url field...

5.4CVSS7AI score0.51915EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:56 a.m.6 views

CVE-2011-5080

Cross-site scripting XSS vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms jftcaforms extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01148EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 a.m.6 views

CVE-2011-1339

Cross-site scripting XSS vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.9AI score0.00489EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 a.m.7 views

CVE-2015-5519

Cross-site scripting XSS vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php...

4.3CVSS5.9AI score0.0221EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:24 a.m.7 views

CVE-2015-8755

Multiple cross-site scripting XSS vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors...

5.4CVSS5.6AI score0.01141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 a.m.5 views

CVE-2019-25075

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...

6.1CVSS6.8AI score0.00616EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.5 views

CVE-2019-13588

A cross-site scripting XSS vulnerability in getPagingStart in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter...

6.1CVSS5.7AI score0.0104EPSS
Exploits0References1
Rows per page
Query Builder