Lucene search
+L

105 matches found

cvelist
cvelist
added 2022/06/01 2:31 p.m.48 views

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

8.2AI score0.01924EPSS
Exploits1References3
opera
opera
added 2022/03/30 12:0 a.m.9 views

Opera’s Free Browser VPN Completes Independent Security Audit by Cure53

News Opera’s Free Browser VPN Completes Independent Security Audit by Cure53 Share March 30th, 2022 Today we’re happy to announce the completion of an independent security audit of Opera’s free built-in browser VPN. Opera’s free, no-log, built-in browser VPN was originally launched as part of the...

8.8CVSS7.3AI score0.01654EPSS
Exploits4References1
osv
osv
added 2022/03/10 5:42 p.m.6 views

CVE-2021-33851

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

5.4CVSS5.9AI score0.01318EPSS
Exploits1References1
nvd
nvd
added 2022/01/05 3:15 p.m.43 views

CVE-2022-22109

In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scripting XSS vulnerability that allows low privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the...

5.4CVSS0.00531EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/10/18 12:0 a.m.5 views

Anuko TimeTracker 跨站脚本漏洞

Anuko TimeTracker is Anuko an open source application . Provides a Web-based open source time tracking application written in PHP. A cross-site scripting vulnerability exists in anuko timetracker that stems from the time tracker using the browsertoday hidden control on several pages to collect...

6.8CVSS5.5AI score0.00478EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/08/02 12:0 a.m.4 views

Cybozu Garoon 跨站脚本漏洞

Cybozu Garoon is a portal-based OA office system from Cybozu Japan. A cross-site scripting vulnerability exists in some of the email functions in Cybozu Garoon. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

5.4CVSS5.7AI score0.00605EPSS
Exploits0References4
osv
osv
added 2021/07/14 2:15 p.m.4 views

CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

5.4CVSS5.9AI score0.00745EPSS
Exploits1References2
prion
prion
added 2021/07/14 2:15 p.m.15 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

3.5CVSS5AI score0.00745EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/07/14 1:44 p.m.56 views

CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

5.3AI score0.00745EPSS
Exploits1References2
cve
cve
added 2021/07/14 1:44 p.m.45 views

CVE-2021-33212

Elements-IT HTTP Commander 5.3.3 contains a cross-site scripting (XSS) flaw in the "View in Browser"/"Browser View" feature. A remote authenticated user can inject arbitrary script/HTML through a crafted SVG image. Documented impact is XSS with partial integrity impact; no patch/version remediati...

5.4CVSS5AI score0.00745EPSS
Exploits1References2Affected Software1
bdu_fstec
bdu_fstec
added 2021/02/05 12:0 a.m.5 views

The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.

The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in the “File Contents...

6.3CVSS6AI score
Exploits0Affected Software1
bdu_fstec
bdu_fstec
added 2020/12/18 12:0 a.m.5 views

The vulnerability of the Adobe Experience Manager content and media management system, related to information disclosure, allows a perpetrator to gain access to protected information.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the browser and gain access to protected information...

7.8CVSS7.6AI score0.03751EPSS
Exploits0References3Affected Software1
jvn
jvn
added 2020/11/18 9:1 a.m.3 views

Movable Type Premium vulnerable to cross-site scripting

Overview Movable Type Premium provided by Six Apart Ltd. contains a cross-site scripting vulnerability CWE-79. Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information Security Early Warning...

6.1CVSS6AI score0.00585EPSS
Exploits0References5
akamaiblog
akamaiblog
added 2020/10/13 10:0 p.m.43 views

Akamai and Snyk Partnership Creates a Powerful Combination for In-Browser Script Protection

A web experience begins with the sum of the code you created. But it also includes all the code the user is put in contact with when loading your website. This means the attack surface to monitor for web application software threats is not just your code repositories, but the sum of the assets re...

1.1AI score
Exploits0
osv
osv
added 2020/07/29 1:15 p.m.3 views

CVE-2020-14492

OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user’s browser...

6.1CVSS6.9AI score0.01216EPSS
Exploits0References1
cnvd
cnvd
added 2019/09/04 12:0 a.m.3 views

Lenovo XClarity Administrator Cross-Site Scripting Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A cross-site scripting vulnerability exists in Lenovo XClarity Administrator. An...

6.1CVSS6.4AI score0.00823EPSS
Exploits0References1
veracode
veracode
added 2019/08/06 9:12 a.m.10 views

Malicious Package

calrd is a malicious package. The package contains a malicious code which will execute in the browser, steal sensitive information such as password, cvc, cardnumber fileds from forms and send to https://js-metrics.com/minjs.php?pl=...

1.1AI score
Exploits0
cnvd
cnvd
added 2019/07/09 12:0 a.m.3 views

Mailvelope Encryption Problem Vulnerability

Mailvelope is a suite of open source extensions for using in-browsers. The program is primarily used for end-to-end encryption of email traffic within a web browser. A cryptographic issue vulnerability exists in Mailvelope versions prior to 3.3.0, which arises from a network system or product tha...

4.3CVSS6.8AI score0.01388EPSS
Exploits1References1
thn
thn
added 2019/02/28 10:59 a.m.4 views

Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down

Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019. Regular readers of The Hacker News already know how Coinhive's service helped cyber criminals earn hundreds of thousands of dollars by...

6.4AI score
Exploits0
seebug
seebug
added 2018/04/28 12:0 a.m.54 views

Heatmiser WiFi thermostat vulnerabilities

Update – if your heating is misbehaving you need to disable port forwarding to port 80 and port 8068. This should be simply following the reverse of whatever you did to set port forwarding up. Alternatively, you could disable WiFi entirely by putting invalid SSID and password in – I believe the...

7.8AI score
Exploits0
Rows per page
Query Builder