5059 matches found
CVE-2022-36036 Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary JavaScript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was...
CVE-2022-36036
**Summary** CVE-2022-36036 affects the mdx-mermaid component, enabling arbitrary JavaScript injection by placing code into mermaid blocks. Versions affected: < 1.3.0 and
CVE-2022-34257 Adobe Commerce Stored XSS Arbitrary code execution
Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...
CVE-2022-24654
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization of enddate parameter which allows a remote attacker to inject and execute malicious javascript into the system...
Intelbras ATA 200 cross-site scripting vulnerability
Intelbras ATA 200 is a VOIP line adapter for analog telephones from Intelbras, Brazil. It is intended to be integrated between telephone systems. A security vulnerability exists in Intelbras ATA 200 version 74.19.10.21, which originates from the storage of cross-site scripting in the "Field Serve...
PT-2022-16776 · Intelbras · Intelbras Ata 200
Name of the Vulnerable Software and Affected Versions: INTELBRAS ATA 200 Firmware version 74.19.10.21 Description: The issue is an authenticated stored cross-site scripting (XSS) vulnerability in the "Field Server Address" field. This allows attackers to inject JavaScript code through a crafted...
GHSA-65WF-QM95-6MHM ForkCMS XSS via `publish_on_date` parameter
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the publishondate Parameter. This issue was patched in version 5.11.0...
GHSA-9HMC-87H4-W869 ForkCMS stored XSS via `start_date` parameter
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the startdate Parameter. This issue was patched in version 5.11.0...
CVE-2021-42751
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers with administrative access to inject arbitrary JavaScript within the description of a rule node...
CVE-2021-42751
CVE-2021-42751 describes a cross-site scripting (XSS) flaw in ThingsBoard 3.3.1, where an attacker with administrative access can inject arbitrary JavaScript into the description of a rule node. The payload can execute in the editor when hovering over the node, as demonstrated by PoCs in Exploit-...
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...
CVE-2022-35589
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...
CVE-2022-35587
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...
Cross site scripting
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter...
Cross site scripting
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...
Cross site scripting
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...