456 matches found

OSV
added 2024/03/06 10:58 a.m., 19 views

BIT-DRUPAL-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 6.2 | EPSS 0.00509
Exploits 0 | References 2

Veracode
added 2023/12/20 10:5 a.m., 16 views

Cross Site Request Forgery (CSRF)

Phpsysinfo is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability is caused by missing validation of JSONP requests in the readconfig.php file. This could allow an attacker to retrieve sensitive JSON data from the server, leading to a JSONP hijacking vulnerability...

CVSS 6.5 | AI score 6.4 | EPSS 0.00284
Exploits 1 | References 4 | Affected Software 2

Huntr
added 2023/04/27 5:51 p.m., 15 views

XML.php JSONP hijacking

Description: The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept: We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

AI score 6.9
Exploits 0

SUSE CVE
added 2023/02/15 5:27 a.m., 1 view

SUSE CVE-2014-5333

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly...

CVSS 4.3 | AI score 7.1 | EPSS 0.00349
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 4:30 a.m., 4 views

SUSE CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

CVSS 9.8 | AI score 9.4 | EPSS 0.00364
Exploits 1 | References 3

The Hacker News
added 2023/02/13 9:59 a.m., 65 views

Honeypot-Factory: The Use of Deception in ICS/OT Environments

The recently published Security Navigator report of Orange Cyberdefense shows there has been a rapid increase of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That's to be expected, as...

AI score 0.6
Exploits 0

Kitploit
added 2022/06/12 9:30 p.m., 37 views

DOMDig - DOM XSS Scanner For Single Page Applications

DOMDig is a DOM XSS scanner that runs inside the Chromium web browser and can scan single page applications (SPA) recursively. Unlike other scanners, DOMDig can crawl any web application, including Gmail, by keeping track of DOM modifications and XHR/fetch/websocket requests, and it can simulate a...

AI score 7
Exploits 0 | References 1

OSV
added 2022/05/24 5:49 p.m., 19 views

GHSA-8JJ2-X2GC-GGM7 Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 6.2 | EPSS 0.00509
Exploits 0 | References 5

Github Security Blog
added 2022/05/24 5:49 p.m., 27 views

Drupal Core Cross-site scripting vulnerability

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 5.5 | EPSS 0.00509
Exploits 0 | References 5 | Affected Software 2

OSV
added 2022/05/13 1:53 a.m., 24 views

GHSA-MVMV-RQ2J-97P2 Etherpad Lite Access Restriction Bypass

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

CVSS 9.8 | AI score 9.4 | EPSS 0.00364
Exploits 1 | References 4

Github Security Blog
added 2022/05/13 1:53 a.m., 21 views

Etherpad Lite Access Restriction Bypass

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

CVSS 9.8 | AI score 7 | EPSS 0.00364
Exploits 1 | References 4 | Affected Software 1

OpenVAS
added 2022/01/28 12:0 a.m., 19 views

Mageia: Security Advisory (MGASA-2014-0291)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.5 | EPSS 0.35827
Exploits 4 | References 4

OSV
added 2021/11/29 1:15 p.m., 2 views

CVE-2021-43697

Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In the file Controller.class.php, the exit function terminates the script and prints the message to the user. The message will contain $_GET[C('VAR_JSONP_HANDLER')], so there is an XSS vulnerability...

CVSS 6.1 | AI score 6.4
Exploits 0 | References 1

Prion
added 2021/11/05 3:15 p.m., 12 views

Cross site scripting

Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via (1) the callback parameter in (a) serverside/scripts/idjsonp.php, (b) serverside/scripts/jsonp.php, and (c) scripts/objectsjsonp.php, (2) the value parameter in examplessupport/editableajax.php, and (3) PHP_SELF...

CVSS 4.3 | AI score 6.2 | EPSS 0.0024
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/09/09 9:25 p.m., 17 views

CVE-2021-39200 Information Disclosure in wp_die() via JSONP in wordpress

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions, output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on yo...

CVSS 5.3 | AI score 5.8 | EPSS 0.01767
Exploits 0 | References 3

Tenable Nessus
added 2021/06/14 12:0 a.m., 39 views

JSONP Injection

JSONP (JSON with Padding) is a JavaScript technique that allows you to query data from a server without worrying about cross-domain issues: it uses script tags rather than the XMLHttpRequest object, and so is not subject to the browser's same-origin policy restrictions. Due to the nature of...

AI score 7.3
Exploits 0 | References 1

OSV
added 2021/05/05 2:15 p.m., 28 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 5.5
Exploits 0 | References 1

NVD
added 2021/05/05 2:15 p.m., 21 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | EPSS 0.00509
Exploits 0 | References 1

OSV
added 2021/05/05 2:15 p.m., 2 views

UBUNTU-CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 6.4 | EPSS 0.00509
Exploits 0 | References 4

Prion
added 2021/05/05 2:15 p.m., 15 views

Cross site scripting

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 4.3 | AI score 6.6 | EPSS 0.00509
Exploits 0 | References 1 | Affected Software 1
