76 matches found

Prion
added 2021/10/14 8:15 p.m. | 17 views

Privilege escalation

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

6 CVSS | 7.1 AI score | 0.02474 EPSS
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/10/14 8:15 p.m. | 1 views

UBUNTU-CVE-2021-38295

In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will b...

7.3 CVSS | 5.8 AI score | 0.02474 EPSS
Exploits 1 | References 2

CVE
added 2021/10/14 7:55 p.m. | 87 views

CVE-2021-38295

CVE-2021-38295 affects Apache CouchDB before 3.1.2. A malicious user who can create documents can attach an HTML file; when an admin opens the attachment in a browser (e.g., Fauxton) the embedded JavaScript runs in the admin’s security context, enabling privilege escalation. Affected routes inclu...

7.3 CVSS | 7.1 AI score | 0.02474 EPSS
Exploits 1 | References 1 | Affected Software 1

Tenable Nessus
added 2021/10/13 12:0 a.m. | 23 views

FreeBSD : couchdb -- user privilege escalation (a7dd4c2d-77e4-46de-81a2-c453c317f9de)

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will...

6.8 CVSS | 6.2 AI score | 0.01187 EPSS
Exploits 0 | References 3

FreeBSD
added 2021/08/09 12:0 a.m. | 17 views

couchdb -- user privilege escalation

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...

6.8 CVSS | 1 AI score | 0.01187 EPSS
Exploits 0 | References 1

Prion
added 2018/11/12 5:29 p.m. | 14 views

Design/Logic Flaw

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

4.3 CVSS | 5.8 AI score | 0.60162 EPSS
Exploits 0 | References 3 | Affected Software 2

UbuntuCve
added 2018/11/12 5:29 p.m. | 18 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS | 6.7 AI score | 0.60162 EPSS
Exploits 0 | References 7

NVD
added 2018/11/12 5:29 p.m. | 10 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS | 5.9 AI score | 0.60162 EPSS
Exploits 0 | References 3

OSV
added 2018/11/12 5:29 p.m. | 0 views

UBUNTU-CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS | 6.7 AI score | 0.60162 EPSS
Exploits 0 | References 8

OSV
added 2018/11/12 5:29 p.m. | 13 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS | 5.5 AI score
Exploits 0 | References 3

CVE
added 2018/11/12 5:0 p.m. | 102 views

CVE-2018-19206

CVE-2018-19206 affects Roundcube Webmail: a cross‑site scripting vulnerability in how HTML attachments are parsed, via crafted content that can execute when an onload attribute is used in a BODY tag. Affected are Roundcube versions before 1.3.8 (and, per Debian advisories, prior patches and rela...

6.1 CVSS | 5.7 AI score | 0.60162 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2018/11/12 5:0 p.m. | 19 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

5.8 AI score | 0.60162 EPSS
Exploits 0 | References 3

Debian CVE
added 2018/11/12 5:0 p.m. | 29 views

CVE-2018-19206

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment...

6.1 CVSS | 5.9 AI score | 0.60162 EPSS
Exploits 0

Positive Technologies
added 2018/11/03 12:0 a.m. | 2 views

PT-2018-14862

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.3.8 ALT Linux affected versions not specified Description The issue allows for XSS via crafted use of , as demonstrated by an onload attribute in a BODY element, within an HTML attachment. This can lead to potenti...

8.8 CVSS | 6.8 AI score | 0.60162 EPSS
Exploits 6 | References 25

exploitpack
added 2017/10/28 12:0 a.m. | 56 views

PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)

PHPMyFAQ 2.9.8 - Cross-Site Scripting 3 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE :...

6.8 AI score
Exploits 0

Exploit DB
added 2017/10/28 12:0 a.m. | 30 views

PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)

Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE : 2017-15727 1. Description In phpMyFAQ befo...

7.4 AI score
Exploits 0

CNVD
added 2017/10/23 12:0 a.m. | 3 views

phpMyFAQ cross-site scripting vulnerability (CNVD-2017-33504)

phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages, multiple databases, etc., and includes modules such as content management system and community. A cross-site scripting vulnerability exists in...

5.4 CVSS | 5.5 AI score | 0.01798 EPSS
Exploits 1 | References 1

Prion
added 2017/10/22 6:29 p.m. | 12 views

Cross site scripting

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting XSS via an HTML attachment...

3.5 CVSS | 5.3 AI score | 0.01798 EPSS
Exploits 1 | References 2 | Affected Software 1

OSV
added 2017/10/22 6:29 p.m. | 19 views

CVE-2017-15727

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting XSS via an HTML attachment...

5.4 CVSS | 6 AI score
Exploits 0 | References 2

NVD
added 2017/10/22 6:29 p.m. | 19 views

CVE-2017-15727

In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting XSS via an HTML attachment...

5.4 CVSS | 5.3 AI score | 0.01798 EPSS
Exploits 1 | References 2