Lucene search
K

852 matches found

ATTACKERKB
ATTACKERKB
added 2023/03/06 12:15 p.m.4 views

CVE-2022-2178

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saysis Computer Starcities allows Cross-Site Scripting XSS. This issue affects Starcities: before 1.1...

6.1CVSS6.4AI score0.00372EPSS
Exploits0References3
CVE
CVE
added 2023/03/06 11:43 a.m.59 views

CVE-2022-2178

CVE-2022-2178 corresponds to a cross-site scripting (XSS) flaw in Saysis Computer Starcities prior to version 1.1, arising from improper neutralization of input during web page generation. The vulnerability could allow injection of malicious scripts when rendering pages. Affected product/version:...

6.1CVSS6.4AI score0.00372EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/02/28 5:15 p.m.25 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

5.4CVSS5.4AI score0.0053EPSS
Exploits1References1
OSV
OSV
added 2023/02/28 5:15 p.m.13 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

6.1CVSS7AI score
Exploits0References1
Cvelist
Cvelist
added 2023/02/28 12:0 a.m.25 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

5.6AI score0.0053EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/02/04 12:0 a.m.3 views

Apache Sling 跨站脚本漏洞

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. It is designed to create content-centric applications on JSR-170 compliant content repositories such as Apache Jackrabbit. A cross-site scripting vulnerability exists in Apache Sling 1.1.4...

6.1CVSS5.4AI score0.01445EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 9:18 p.m.27 views

CVE-2022-4092

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input...

8CVSS6.2AI score0.01396EPSS
Exploits1References3
NVD
NVD
added 2022/11/02 12:15 p.m.29 views

CVE-2022-39950

An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

8CVSS0.00684EPSS
Exploits0References1
Prion
Prion
added 2022/09/06 4:15 p.m.14 views

Cross site scripting

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

4.9CVSS5.1AI score0.00357EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/05/11 3:15 p.m.31 views

CVE-2021-43081

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...

6.1CVSS0.00844EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/05/11 2:30 p.m.31 views

CVE-2021-43081

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...

6.1CVSS6.3AI score0.00844EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.2 views

Weblate 跨站脚本漏洞

A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...

5.4CVSS5.2AI score0.00741EPSS
Exploits0References6
Prion
Prion
added 2022/01/24 8:15 p.m.10 views

Cross site scripting

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...

4.3CVSS5.9AI score0.01085EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/01/17 12:15 p.m.6 views

CVE-2021-3853

chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/26 12:15 p.m.7 views

CVE-2021-4169

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS5.9AI score0.00948EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/24 8:15 p.m.2 views

CVE-2021-3977

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.5CVSS6.4AI score0.00592EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/21 1:15 p.m.6 views

CVE-2021-4139

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

9CVSS6.8AI score0.00877EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/17 1:15 p.m.6 views

CVE-2021-4132

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

7.3CVSS6.6AI score0.00634EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.4 views

PT-2021-23274 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This means that the software does not properly neutralize use...

7.3CVSS6AI score0.00634EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2021/12/16 2:15 p.m.8 views

CVE-2021-4124

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8.1CVSS6.8AI score0.00942EPSS
Exploits1References3
Rows per page
Query Builder