456 matches found

UbuntuCve
added 2021/05/05 2:15 p.m. · 29 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS · 6.3 AI score · 0.00509 EPSS
Exploits: 0 · References: 3

CVE
added 2021/05/05 1:50 p.m. · 175 views

CVE-2020-13666

Vulnerability: CVE-2020-13666 – Cross-site scripting in Drupal Core via JSONP in the AJAX API. Affected products (examples): Drupal Core 7.x before 7.73; 8.8.x before 8.8.10; 8.9.x before 8.9.6; 9.0.x before 9.0.6. Root cause: JSONP is not disabled by default in the Drupal AJAX API, enabling XSS ...

6.1 CVSS · 5.9 AI score · 0.00509 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

AlpineLinux
added 2021/05/05 1:50 p.m. · 50 views

CVE-2020-13666

Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

6.1 CVSS · 6.3 AI score · 0.00509 EPSS
Exploits: 0

Debian CVE
added 2021/05/05 1:50 p.m. · 29 views

CVE-2020-13666

Removed by vendor...

6.1 CVSS · 6.2 AI score · 0.00509 EPSS
Exploits: 0

Hacker One
added 2021/04/26 9:34 p.m. · 110 views

GitHub Security Lab: Java: JSONP Injection

This bug was reported directly to GitHub Security Lab...

1.2 AI score
Exploits: 0

Node.js
added 2021/02/24 6:29 p.m. · 72 views

Cross-Site Scripting (XSS)

Overview: Affected versions of angular are vulnerable to JSONP Callback Attack. JSONP (JSON with padding) is a method used to request data from a server residing in a different domain than the client. Any URL could perform JSONP requests, allowing full access to the browser and the JavaScript contex...

6.7 AI score
Exploits: 0 · Affected Software: 1

Tenable Nessus
added 2020/11/20 12:0 a.m. · 156 views

Debian DLA-2458-1 : drupal7 security update

Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. CVE-2020-13666: The Drupal AJAX API did not disable JSONP by default, which could lead to cross-site scripting. For setups that relied on Drupal's AJAX API for JSONP requests, either JSONP will need to be...

8.8 CVSS · 7 AI score · 0.04504 EPSS
Exploits: 0 · References: 7

Tenable Nessus
added 2020/10/19 12:0 a.m. · 14 views

FreeBSD : drupal -- Multiple Vulnerabilities (95d9d986-1078-11eb-ab74-4c72b94353b5)

Drupal Security Team reports: The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2020 Jacques Vidrin...

4.7 AI score
Exploits: 0 · References: 2

Veracode
added 2020/10/05 4:48 a.m. · 10 views

Cross-Site Scripting (XSS)

mapfish-print is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via JSONP...

9.3 CVSS · 3.7 AI score · 0.00311 EPSS
Exploits: 0 · References: 3 · Affected Software: 3

OSV
added 2020/10/02 8:15 p.m. · 13 views

CVE-2020-15231

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...

6.1 CVSS · 6.5 AI score
Exploits: 0 · References: 2

NVD
added 2020/10/02 8:15 p.m. · 7 views

CVE-2020-15231

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...

9.3 CVSS · 0.00311 EPSS
Exploits: 0 · References: 2

Prion
added 2020/10/02 8:15 p.m. · 12 views

Cross site scripting

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...

4.3 CVSS · 6 AI score · 0.00311 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2020/10/02 7:40 p.m. · 73 views

CVE-2020-15231

CVE-2020-15231 affects mapfish-print prior to version 3.24. A JSONP misuse in mapfish-print allows Cross-site Scripting, enabling an attacker to inject and execute arbitrary JavaScript in a user’s browser via JSONP. Remediation per advisories is to upgrade to version 3.24 or later. The connected ...

9.3 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2020/10/02 7:40 p.m. · 13 views

CVE-2020-15231 Cross-site scripting attack in mapfish-print

In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting...

9.3 CVSS · 9 AI score · 0.00311 EPSS
Exploits: 0 · References: 2

Drupal
added 2020/09/16 12:0 a.m. · 23 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting...

6.1 CVSS · 1.1 AI score · 0.00509 EPSS
Exploits: 0 · References: 8

FreeBSD
added 2020/09/16 12:0 a.m. · 9 views

drupal -- Multiple Vulnerabilities

Drupal Security Team reports: The Drupal AJAX API does not disable JSONP by default, which can lead to cross-site scripting...

0.9 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2020/09/10 12:0 a.m. · 2 views

PT-2020-6401 · Drupal · Drupal Core

Name of the Vulnerable Software and Affected Versions: Drupal Core versions prior to 7.73; Drupal Core 8.8.x versions prior to 8.8.10; Drupal Core 8.9.x versions prior to 8.9.6; Drupal Core 9.0.x versions prior to 9.0.6. Description: The issue is related to a cross-site scripting vulnerability in...

8.8 CVSS · 6.6 AI score · 0.04504 EPSS
Exploits: 0 · References: 25

Veracode
added 2020/07/09 5:47 a.m. · 16 views

Cross-Site Scripting (XSS)

print-lib/print-servlet is vulnerable to cross-site scripting. A remote attacker is able to inject and execute JavaScript in a user's browser via JSONP...

9.3 CVSS · 4 AI score · 0.00311 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

OSV
added 2020/07/07 4:32 p.m. · 21 views

GHSA-W534-Q4XF-H5V2 XSS in Mapfish Print relating to JSONP support

Impact: A user can use the JSONP support to do a Cross-site scripting. Patches: Use version = 3.24. Workarounds: No. References: https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e, https://cwe.mitre.org/data/definitions/79.html. For more information: If you...

9.3 CVSS · 7.5 AI score · 0.00311 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2020/07/07 4:32 p.m. · 38 views

XSS in Mapfish Print relating to JSONP support

Impact: A user can use the JSONP support to do a Cross-site scripting. Patches: Use version = 3.24. Workarounds: No. References: https://github.com/mapfish/mapfish-print/pull/1397/commits/89155f2506b9cee822e15ce60ccae390a1419d5e, https://cwe.mitre.org/data/definitions/79.html. For more information: If you...

9.3 CVSS · 0.00311 EPSS
Exploits: 0 · References: 4 · Affected Software: 3