
457 matches found

Huntr
added 2022/11/03 8:16 p.m. | 20 views

XSS Stored inside help links onevent attribute

📜 Description: Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.1 AI score
Exploits 0 | References 1
Huntr
added 2022/11/01 4:36 p.m. | 12 views

XSS Stored inside website title

📜 Description: Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. The persistent or stored XSS vulnerability is a more devastating variant of a...

0.7 AI score
Exploits 0 | References 1
Hacker One
added 2022/08/29 8:28 a.m. | 42 views

TikTok: XSS at TikTok Ads Endpoint

Vulnerability description not provided...

7.1 AI score
Exploits 0
ATTACKERKB
added 2022/07/25 6:15 a.m. | 3 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8 CVSS | 8.7 AI score | 0.96049 EPSS
Exploits 8 | References 9
NVD
added 2022/07/25 6:15 a.m. | 19 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8 CVSS | 0.96049 EPSS
Exploits 8 | References 6
OSV
added 2022/07/25 6:15 a.m. | 30 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.8 CVSS | 6.5 AI score
Exploits 0 | References 6
Prion
added 2022/07/25 6:15 a.m. | 24 views

Command injection

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

7.5 CVSS | 9.3 AI score | 0.96049 EPSS
Exploits 8 | References 6 | Affected Software 1
Cvelist
added 2022/07/25 5:56 a.m. | 30 views

CVE-2022-36446

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...

9.6 AI score | 0.96049 EPSS
Exploits 8 | References 6
CVE
added 2022/07/25 5:56 a.m. | 333 views

CVE-2022-36446

CVE-2022-36446 : Webmin versions before 1.997 are vulnerable to an authenticated remote code execution via software/apt-lib.pl which fails to HTML-escape a UI command, enabling an OS command injection when updating packages. Exploitation requires access to the Software Package Updates module and ...

9.8 CVSS | 9.2 AI score | 0.96049 EPSS
Exploits 8 | References 6 | Affected Software 1
CNNVD
added 2022/07/25 12:0 a.m. | 4 views

Webmin Security Vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. A security vulnerability exists in versions of Webmin prior to 1.997, which stems from the lack of HTML escaping of UI commands in its software/apt-lib.pl component...

9.8 CVSS | 8.3 AI score | 0.96049 EPSS
Exploits 8 | References 12
OSV
added 2022/06/30 6:15 p.m. | 3 views

CVE-2022-34786

Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

5.4 CVSS | 5.7 AI score | 0.00567 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2022/06/23 5:15 p.m. | 2 views

CVE-2022-34173

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission...

5.4 CVSS | 6.2 AI score | 0.01351 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2022/05/24 5:29 p.m. | 3 views

GHSA-H8QX-MJ6V-2934 MediaWiki Cross-site Scripting (XSS) vulnerability

An issue was discovered in MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded,...

6.1 CVSS | 6.7 AI score | 0.01089 EPSS
Exploits 0 | References 8
RedhatCVE
added 2022/05/21 12:15 a.m. | 57 views

CVE-2019-15618

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

8.1 CVSS | 0.9 AI score | 0.01924 EPSS
Exploits 5 | References 1
Github Security Blog
added 2022/05/14 3:35 a.m. | 25 views

Drupal cross-site scripting vulnerability

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

6.1 CVSS | 5.8 AI score | 0.01705 EPSS
Exploits 0 | References 8 | Affected Software 2
Github Security Blog
added 2022/05/14 3:3 a.m. | 20 views

xapian-core Cross-site Scripting vulnerability

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1 CVSS | 1.2 AI score | 0.01452 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2022/05/14 3:3 a.m. | 17 views

GHSA-7QW4-W7HF-22Q3 xapian-core Cross-site Scripting vulnerability

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1 CVSS | 5.8 AI score | 0.01452 EPSS
Exploits 0 | References 5
RubySec
added 2022/05/14 12:0 a.m. | 23 views

xapian-core Cross-site Scripting vulnerability

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1 CVSS | 1.2 AI score | 0.01452 EPSS
Exploits 0 | References 1 | Affected Software 1
Github Security Blog
added 2022/05/13 1:32 a.m. | 13 views

statics-server Cross-site Scripting vulnerability

An XSS in statics-server element without escaping, which allows to embed HTML tag with src attribute points to another HTML file in the directory. This file can contain malicious JavaScript code, which will be executed: js // ./nodemodules/statics-server/index.js, line 18:...

6.1 CVSS | 5.8 AI score | 0.00922 EPSS
Exploits 1 | References 3 | Affected Software 1
Veracode
added 2022/04/26 7:3 a.m. | 41 views

Cross-Site Scripting (XSS)

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript...

6.1 CVSS | 1.4 AI score | 0.00674 EPSS
Exploits 0 | References 4 | Affected Software 1