Lucene search
K

197 matches found

AlpineLinux
AlpineLinux
added 2023/12/11 12:15 p.m.22 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

6.5CVSS7.6AI score0.00772EPSS
Exploits0
OSV
OSV
added 2023/12/11 12:15 p.m.2 views

DEBIAN-CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS8AI score0.00772EPSS
Exploits0References1
OSV
OSV
added 2023/12/11 12:15 p.m.24 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS8.8AI score0.00772EPSS
Exploits0References4
NVD
NVD
added 2023/12/11 12:15 p.m.22 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS0.00772EPSS
Exploits0References4
CVE
CVE
added 2023/12/11 11:56 a.m.309 views

CVE-2023-6186

CVE-2023-6186 affects LibreOffice. The vulnerability arises from insufficient macro permission validation, enabling certain built-in macros or internal commands to be executed when a user activates hyperlinks that target macros, without explicit user permission. Connected documents corroborate th...

8.8CVSS8.8AI score0.00772EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2023/12/11 11:56 a.m.24 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS8.9AI score0.00772EPSS
Exploits0
OSV
OSV
added 2023/12/11 12:0 a.m.1 views

UBUNTU-CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS5.9AI score0.00772EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.11 views

PT-2023-7595 · Document Foundation +10 · Libreoffice +10

Name of the Vulnerable Software and Affected Versions: LibreOffice affected versions not specified Description: The issue is related to insufficient macro permission validation, allowing an attacker to execute built-in macros without warning. In affected versions, LibreOffice supports hyperlinks...

8.8CVSS7.1AI score0.64635EPSS
Exploits2References108
Github Security Blog
Github Security Blog
added 2023/08/03 4:32 p.m.30 views

pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name

Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious...

6.5CVSS6.4AI score0.00538EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/08/03 4:32 p.m.64 views

GHSA-735F-W79P-282X pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name

Impact As HTML injection works in email an attacker can trick a victim to click on such hyperlinks to redirect him to any malicious site and also can host a XSS page. All this will surely cause some damage to the victim. This could lead to users being tricked into giving logins away to malicious...

6.5CVSS5.4AI score0.00538EPSS
Exploits1References6
OSV
OSV
added 2023/07/26 3:30 p.m.2 views

GHSA-69VW-3PCM-84RW Jenkins Stored Cross-site Scripting vulnerability

Jenkins applies formatting to the console output of builds, transforming plain URLs into hyperlinks. Jenkins 2.415 and earlier, 2.414 and earlier, and LTS 2.401.2 and earlier does not sanitize or properly encode URLs of these hyperlinks in build logs. This results in a stored cross-site scripting...

8CVSS5.9AI score0.00862EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2023/07/26 2:15 p.m.17 views

CVE-2023-39151

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

5.4CVSS5.8AI score0.00862EPSS
Exploits0
Prion
Prion
added 2023/07/26 2:15 p.m.29 views

Cross site scripting

Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control build log contents...

4.9CVSS5.1AI score0.00862EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/26 12:0 a.m.3 views

PT-2023-26808 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.415 and earlier Jenkins LTS versions 2.401.2 and earlier Description: The issue is related to the transformation of URLs in build logs into hyperlinks, which are not properly sanitized or encoded. This results in a stored...

8CVSS5.6AI score0.00862EPSS
Exploits0References11
CNNVD
CNNVD
added 2023/07/26 12:0 a.m.11 views

Jenkins 跨站脚本漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.415 and earlier, Jenkins LTS 2.401.2 and earlier, which stems from the fact...

5.4CVSS6.6AI score0.00862EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.25 views

FreeBSD : jenkins -- Stored XSS vulnerability (a0321b74-031d-485c-bb76-edd75256a6f0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a0321b74-031d-485c-bb76-edd75256a6f0 advisory. - Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build...

5.4CVSS6.2AI score0.00862EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/29 3:15 a.m.4 views

CVE-2022-46408

Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...

6.8CVSS7.3AI score0.00924EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/06/29 12:0 a.m.12 views

CVE-2022-46408

Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...

7.9AI score0.00924EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

Ericsson Network Manager 安全漏洞

Ericsson Network Manager is a network manager from Ericsson, Sweden. It covers monitoring, troubleshooting, configuration, automation and optimization of networks. A security vulnerability exists in Ericsson Network Manager versions prior to 22.1, which stems from improperly neutralized formula...

6.8CVSS7.4AI score0.00924EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/06/29 12:0 a.m.29 views

CVE-2022-46408

Ericsson Network Manager ENM, versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager NCM where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker...

7.2AI score0.00924EPSS
Exploits0References1
Rows per page
Query Builder