
5662 matches found

ATTACKERKB
added 2022/04/04 8:15 p.m. · 4 views

CVE-2022-1175

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...

CVSS 8.7 · AI score 7.1 · EPSS 0.82003
Exploits: 3 · References: 5 · Affected Software: 1

UbuntuCve
added 2022/04/04 8:15 p.m. · 52 views

CVE-2022-1175

Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...

CVSS 8.7 · AI score 7 · EPSS 0.82003
Exploits: 3 · References: 4

CVE
added 2022/04/04 7:46 p.m. · 143 views

CVE-2022-1175

GitLab CE/EE is affected by CVE-2022-1175 due to improper neutralization of user input in notes, enabling Stored XSS. Affected ranges are GitLab CE/EE versions: 14.4 up to before 14.7.7, 14.8 up to before 14.8.5, and 14.9 up to before 14.9.2. Connected documents indicate fixes exist in later rele...

CVSS 8.7 · AI score 5.8 · EPSS 0.82003
Exploits: 3 · References: 4 · Affected Software: 1

Debian CVE
added 2022/04/04 7:46 p.m. · 37 views

CVE-2022-1175

Removed by vendor...

CVSS 8.7 · AI score 7.1 · EPSS 0.82003
Exploits: 3

NVD
added 2022/02/25 9:15 p.m. · 21 views

CVE-2022-24710

Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...

CVSS 5.4 · EPSS 0.00741
Exploits: 0 · References: 4

CNNVD
added 2022/02/25 12:0 a.m. · 2 views

Weblate cross-site scripting vulnerability

A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...

CVSS 5.4 · AI score 5.2 · EPSS 0.00741
Exploits: 0 · References: 6

CNNVD
added 2022/02/04 12:0 a.m. · 4 views

Schneider Electric EcoStruxure Power Monitoring Expert cross-site scripting vulnerability

The Schneider Electric EcoStruxure Power Monitoring Expert is a device from Schneider Electric, France, for power distribution monitoring in IoT environments. The Schneider Electric EcoStruxure Power Monitoring Expert suffers from a cross-site scripting vulnerability that stems from an incorrect...

CVSS 5.4 · AI score 5.4 · EPSS 0.00451
Exploits: 0 · References: 2

Prion
added 2022/02/02 11:15 a.m. · 20 views

Cross site scripting

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

CVSS 4.3 · AI score 6.5 · EPSS 0.12936
Exploits: 5 · References: 2 · Affected Software: 1

Vulnrichment
added 2022/02/02 11:8 a.m. · 13 views

CVE-2021-43062

An improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to...

CVSS 6.1 · AI score 7.4 · EPSS 0.12936
Exploits: 5 · References: 2

Prion
added 2022/01/28 8:15 p.m. · 15 views

Cross site scripting

A CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the chargi...

CVSS 4.3 · AI score 6.2 · EPSS 0.00562
Exploits: 0 · References: 1 · Affected Software: 6

NVD
added 2022/01/24 8:15 p.m. · 9 views

CVE-2021-45223

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...

CVSS 6.5 · EPSS 0.01644
Exploits: 1 · References: 3

OSV
added 2022/01/24 8:15 p.m. · 4 views

CVE-2021-45223

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...

CVSS 6.5 · AI score 6.6 · EPSS 0.01644
Exploits: 1 · References: 3

Prion
added 2022/01/24 8:15 p.m. · 9 views

Cross site scripting

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...

CVSS 4.3 · AI score 5.9 · EPSS 0.01085
Exploits: 1 · References: 3 · Affected Software: 1

Prion
added 2022/01/24 8:15 p.m. · 13 views

Input validation

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...

CVSS 4 · AI score 6.3 · EPSS 0.01644
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/01/24 7:58 p.m. · 14 views

CVE-2021-45225

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...

AI score 6.2 · EPSS 0.01085
Exploits: 1 · References: 3

Cvelist
added 2022/01/24 7:57 p.m. · 16 views

CVE-2021-45223

An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes...

AI score 6.5 · EPSS 0.01644
Exploits: 1 · References: 3

Positive Technologies
added 2022/01/24 12:0 a.m. · 8 views

PT-2022-12308 · Coins · Coins Construction Cloud

Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: The issue is related to insufficient input neutralization, making it vulnerable to denial of service attacks via forced server crashes. Recommendations: For COINS Construction Cloud version...

CVSS 6.5 · AI score 6.3 · EPSS 0.01644
Exploits: 1 · References: 6

OSV
added 2022/01/18 5:15 p.m. · 22 views

CVE-2021-39946

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis...

CVSS 5.4 · AI score 5.6 · EPSS 0.01042
Exploits: 0 · References: 3

Veracode
added 2022/01/18 5:19 a.m. · 27 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting XSS attacks. An attacker is able to bypass the validations due to improper input neutralization during web page generation. The vulnerability can be exploited via changing the rule name in the admin dev page allowing attackers to inject and...

CVSS 5.4 · AI score 5.5 · EPSS 0.01456
Exploits: 1 · References: 4 · Affected Software: 1

ATTACKERKB
added 2022/01/17 4:15 p.m. · 7 views

CVE-2022-0257

pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

CVSS 6.1 · AI score 6 · EPSS 0.01456
Exploits: 1 · References: 3