Lucene search
K

457 matches found

Cvelist
Cvelist
added 2024/04/15 10:16 p.m.13 views

CVE-2024-27794

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...

6AI score0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/15 10:16 p.m.11 views

CVE-2024-27794

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...

6.2AI score0.00308EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/04/15 12:0 a.m.46 views

XWiki 3.0.1 < 14.10.19, 15.0-rc-1 < 15.5.4, 15.6-rc-1 < 15.9 RCE Vulnerability (GHSA-hf43-47q4-fhq5)

Xwiki is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

10CVSS7.8AI score0.02104EPSS
Exploits1References1
NVD
NVD
added 2024/04/10 9:15 p.m.26 views

CVE-2024-31996

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

10CVSS9.8AI score0.02104EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/04/10 8:46 p.m.41 views

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

10CVSS10AI score0.02104EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/04/10 8:46 p.m.16 views

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

10CVSS7.5AI score0.02104EPSS
Exploits1References6
CVE
CVE
added 2024/04/10 8:46 p.m.100 views

CVE-2024-31996

CVE-2024-31996 affects XWiki Platform (XWiki Commons). The issue is improper escaping in the HTML escapetool used by XWiki, which fails to escape the “{” character, enabling syntax injection and remote code execution. Affected versions start at 3.0.1 and extend up to 4.10.19, 15.5.4, and 15.10-rc...

10CVSS7.4AI score0.02104EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/04/10 8:46 p.m.40 views

CVE-2024-31996 XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

10CVSS8.9AI score0.02104EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2024/04/10 5:16 p.m.35 views

XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution

Impact The HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution. To reproduce in an XWiki installation, open...

10CVSS7.7AI score0.02104EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/03/06 10:54 a.m.20 views

BIT-JASPERREPORTS-2022-41562

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

8.4CVSS8AI score0.00718EPSS
Exploits0References2
Prion
Prion
added 2024/01/30 6:15 p.m.24 views

Design/Logic Flaw

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses non-RSC. This vulnerability is...

5.8CVSS6.9AI score0.00355EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.6 views

PT-2024-20447 · Npm · @Urql/Next

Name of the Vulnerable Software and Affected Versions: @urql/next versions prior to 1.1.1 Description: The @urql/next package is vulnerable to XSS due to improper escaping of html-like characters in the response-stream. To exploit this, an attacker would need to ensure that the response returns...

7.2CVSS6.1AI score0.00355EPSS
Exploits0References9
Veracode
Veracode
added 2023/12/19 5:53 a.m.17 views

Cross Site Scripting (XSS)

resque is vulnerable to Reflected Cross Site Scripting XSS. The vulnerability is caused due to not sanitizing and escaping HTML while displaying failed queue lists related web pages of the resque-web component. An attacker can make a user click on a malicious link leading to Reflected XSS when th...

6.3CVSS5.6AI score0.00526EPSS
Exploits0References5Affected Software1
Hacker One
Hacker One
added 2023/11/14 9:50 a.m.26 views

TikTok: RXSS via region parameter

A cross-site scripting vulnerability was discovered in a TikTok endpoint. User-supplied data in the 'region' parameter was reflected without appropriate escaping, allowing JavaScript injection...

6.7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/09/07 2:34 a.m.2 views

SUSE CVE-2023-39514

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

5.4CVSS5.6AI score0.00742EPSS
Exploits1References4
NVD
NVD
added 2023/09/05 9:15 p.m.22 views

CVE-2023-39514

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

6.1CVSS7.1AI score0.00742EPSS
Exploits1References5
OSV
OSV
added 2023/09/05 9:9 p.m.27 views

CVE-2023-39516 Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...

6.1CVSS6.5AI score0.00702EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/09/05 12:0 a.m.3 views

PT-2023-5426 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: The issue is related to a Stored Cross-Site-Scripting XSS vulnerability in Cacti, an open source operational monitoring and fault management framework. This vulnerability allows an authenticated use...

9.8CVSS5.8AI score0.99826EPSS
Exploits138References222
OSV
OSV
added 2023/07/10 4:15 p.m.3 views

CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...

6.1CVSS7.2AI score0.01099EPSS
Exploits2References1
Veracode
Veracode
added 2023/06/18 6:57 a.m.14 views

Cross-site Scripting (XSS)

jstachio is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the HtmlEscaper.java does not properly escape single quotes ' in HTML, which allows an attacker to inject and execute malicious javascript in the context of other users visiting pages that use this template engin...

6.1CVSS6.5AI score0.00579EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder