Lucene search
K

187 matches found

Tenable Nessus
Tenable Nessus
added 2008/06/30 12:0 a.m.49 views

Resin viewfile Servlet file Parameter XSS

The remote host is running Resin, an application server. The 'viewfile' Servlet included with the version of Resin installed on the remote host fails to sanitize user input to the 'file' parameter before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject...

4.3CVSS5.8AI score0.02849EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2008/06/02 12:0 a.m.107 views

Xerox DocuShare dsweb Servlet Multiple XSS

The remote host is running DocuShare, a web-based document management application from Xerox. The version of DocuShare installed on the remote host fails to sanitize user input to the 'dsweb' servlet before including it in dynamic HTML output. An attacker may be able to leverage this issue to...

4.3CVSS5.6AI score0.04103EPSS
Exploits0References4
securityvulns
securityvulns
added 2008/02/26 12:0 a.m.118 views

Alkacon OpenCms tree_files.jsp resource XSS

Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...

0.2AI score
Exploits0
Fedora
Fedora
added 2007/11/13 12:5 a.m.54 views

[SECURITY] Fedora 7 Update: kdevelop-3.5.0-4.fc7

The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides: All development tools needed for C++ programming like Compiler, Linker, automake a...

9.3CVSS2.3AI score0.0702EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2005/01/03 12:0 a.m.43 views

MySQL Eventum index.php email Parameter XSS

The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...

5.6AI score
Exploits0References2
NVD
NVD
added 2003/12/31 5:0 a.m.20 views

CVE-2003-1219

Cross-site scripting XSS vulnerability in the tephreflink function in htmloutput.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter...

4.3CVSS5.8AI score0.03316EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

5.8AI score0.0006EPSS
Exploits0Affected Software1
Rows per page
Query Builder