CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2021/10/06 8:28 p.m.•57 views

CVE-2021-42043

The CVE-2021-42043 entry concerns MediaWiki’s Special:MediaSearch in the MediaSearch extension up to version 1.36.2. The bug is caused by improper sanitization of the suggestion text parameter to mediasearch-did-you-mean, enabling injection/execution of HTML and JavaScript via the intitle: search...

6.1CVSS6.4AI score0.0044EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2021/10/06 12:0 a.m.•2 views

PT-2021-23482 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 MediaSearch extension versions through 1.36.2 Description: An issue was discovered in Special:MediaSearch in the MediaSearch extension. The suggestion text, a parameter to mediasearch-did-you-mean, was not...

8.8CVSS6.2AI score0.01215EPSS

Positive Technologies•added 2021/10/06 12:0 a.m.•2 views

PT-2021-23481 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 GrowthExperiments extension in MediaWiki versions through 1.36.2 Description: An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension. The...

8.8CVSS6.2AI score0.01215EPSS

Positive Technologies•added 2021/10/06 12:0 a.m.•2 views

PT-2021-23487 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2 Description: An issue was discovered in the Growth extension in MediaWiki. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits...

8.8CVSS6.4AI score0.01215EPSS

Positive Technologies•added 2021/10/06 12:0 a.m.•2 views

PT-2021-23485 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36.3 Description: An issue was discovered in the GlobalWatchlist extension where the rev-deleted-user and ntimes messages were not properly escaped, allowing users to inject HTML and JavaScript. Recommendations:...

8.8CVSS6AI score0.01215EPSS

CNNVD•added 2021/10/04 12:0 a.m.•2 views

Calibre-Web 跨站脚本漏洞

Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database. A cross-site scripting vulnerability exists in the Calibre-web application versions v0.6.0 through v0.6.12, which can be exploited by an attacker to inject JavaScript exploit script into the...

5.4CVSS5.2AI score0.00281EPSS

CNNVD•added 2021/09/30 12:0 a.m.•2 views

Netscout NgeniusOne 跨站脚本漏洞

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscaut nGeniusONE in version 6.3.0 build 1004 and earlier, which stems from a lack of validation of user input and filtering of input...

5.4CVSS5.3AI score0.00354EPSS

Prion•added 2021/09/23 6:15 p.m.•11 views

Cross site scripting

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

3.5CVSS5.2AI score0.00197EPSS

Exploits0References2Affected Software1

OSV•added 2021/09/23 5:15 p.m.•2 views

CVE-2021-20484

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

5.4CVSS5.4AI score0.00158EPSS

CNNVD•added 2021/09/23 12:0 a.m.•1 views

IBM Aspera 跨站脚本漏洞

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...

6.4CVSS6.1AI score0.0015EPSS

CNNVD•added 2021/09/22 12:0 a.m.•1 views

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

6.4CVSS6.1AI score0.00197EPSS

CNNVD•added 2021/09/22 12:0 a.m.•2 views

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

Jazz is IBM Rational's next-generation collaboration platform for software delivery technology.The Jazz platform has been carefully designed and developed specifically for global and geographically diverse teams, and will change the way people collaborate to build software - improving the...

6.4CVSS6AI score0.00197EPSS

NVD•added 2021/09/21 9:15 p.m.•14 views

CVE-2021-41086

jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting XSS attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything from a malicious and pasting...

8.7CVSS0.00638EPSS

Prion•added 2021/09/21 9:15 p.m.•14 views

Cross site scripting

3.5CVSS5.4AI score0.00638EPSS

Exploits0References3Affected Software1

CNNVD•added 2021/09/20 12:0 a.m.•0 views

IBM Jazz for Service Management和IBM Tivoli Netcool/OMNIbus_GUI 跨站脚本漏洞

5.4CVSS5.8AI score0.00208EPSS