Lucene search
K

5968 matches found

CNNVD
CNNVD
added 2023/07/15 12:0 a.m.5 views

Plane 代码问题漏洞

Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...

7.1CVSS5.1AI score0.00458EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.6 views

PT-2023-23658 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions 3.7.0 through 4.8.0 Description: The issue is related to insufficient restrictions of called script functions in Apache Jena, allowing a remote user to execute javascript via a SPARQL query. Recommendations: For Apache Je...

8.8CVSS7.1AI score0.01324EPSS
Exploits0References16
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.3 views

Apache Jena 安全漏洞

Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...

8.8CVSS7.7AI score0.01324EPSS
Exploits0References3
Snyk
Snyk
added 2023/07/11 10:47 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the external link redirections. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this...

8.1CVSS5.4AI score0.00641EPSS
Exploits0References2
Snyk
Snyk
added 2023/07/11 10:46 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the processes filter. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to...

8.1CVSS5.4AI score0.00579EPSS
Exploits0References2
Snyk
Snyk
added 2023/07/11 10:46 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization in the processes filter. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to...

8.1CVSS5.4AI score0.00579EPSS
Exploits0References2
CVE
CVE
added 2023/07/11 5:19 p.m.51 views

CVE-2023-32693

Summary: CVE-2023-32693 affects the Decidim framework (Ruby on Rails). The vulnerability is a Cross-Site Scripting flaw in the external link feature, allowing a remote attacker to execute JavaScript in the context of a logged-in user and potentially influence user endorsements of proposals. Affec...

8.1CVSS6.6AI score0.00641EPSS
Exploits0References3Affected Software1
Huntr
Huntr
added 2023/07/07 3:4 a.m.6 views

Stored XSS in description of theme

Description The attacker can execute JavaScript code through the theme's description. Proof of Concept Step 1 : - Choose any theme to upload i used a copy of vanila theme - Open theme folder and change description tag of config.xml file vanilla Bootstrap Vanilla theme 16/10/2017 LimeSurvey GmbH...

7.2AI score
Exploits0
Veracode
Veracode
added 2023/06/30 5:38 a.m.13 views

Cross-site Scripting (XSS)

khodakhah/nodcms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper validations in the contact forms address element, which allows an admin authenticated attacker to inject and execute arbitrary JavaScript into the browser...

4.8CVSS6.5AI score0.00546EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/06/29 12:0 a.m.5 views

Gibbon 跨站脚本漏洞

Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in Gibbon version 25.0.0 that stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary Javascript code...

6.1CVSS6.2AI score0.01868EPSS
Exploits1References2
Huntr
Huntr
added 2023/06/28 5:28 p.m.11 views

Incorrect Authorization to Stored XSS in Import User Role function

Description The application incorrectly checks user permissions, enabling the attacker to use the 'import file user roles' functionality, which contains a payload for executing JavaScript code, without requiring any specific privileges. Proof of Concept Step1: Even without the privilege to manage...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/06/27 6:15 p.m.9 views

CVE-2023-34835

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable deletefile parameter...

5.4CVSS6.5AI score0.00762EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.4 views

PT-2023-5199 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5.0 Description: The issue is related to a lack of protection for the web page structure, allowing a remote attacker to bypass restrictions on executing JavaScript. This can enable users to embed arbitrary JavaScript...

5.5CVSS5.6AI score0.00371EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/06/25 12:0 a.m.5 views

PT-2023-25021 · Microworld Technologies · Escan Management Console

Name of the Vulnerable Software and Affected Versions: Microworld Technologies eScan Management console version 14.0.1400.2281 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete file parameter. This enables the attacker ...

5.4CVSS5.5AI score0.00762EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.4 views

PT-2023-24892 · Pybb · Pybb

Name of the Vulnerable Software and Affected Versions: PyBB versions 0.1.0 Description: A manual code review of the PyBB bulletin board server revealed a vulnerability that allows users to submit any type of HTML tag, which can be executed. For example, a malicious tag, such as xss, can be used t...

5.4CVSS5.4AI score0.00337EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/15 9:15 p.m.2 views

CVE-2023-24031

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...

6.1CVSS6.1AI score0.00401EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.8 views

CVE-2023-29304 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.16.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4CVSS5.8AI score0.0046EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/15 12:0 a.m.33 views

CVE-2023-24031

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...

6.1AI score0.00401EPSS
Exploits0References2
OSV
OSV
added 2023/06/14 10:15 p.m.5 views

CVE-2023-2819

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...

4.3CVSS6.2AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2023/06/14 10:15 p.m.25 views

CVE-2023-2819

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...

4.3CVSS4.7AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder