Lucene search

5968 matches found

OSV
added 2023/06/09 10:41 p.m. · 27 views

GHSA-XP5H-F8JF-RC8Q rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements

NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML...

CVSS 6.3 · AI score 6.1 · EPSS 0.00632
Exploits: 0 · References: 9
Vulnrichment
added 2023/06/09 5:33 a.m. · 12 views

CVE-2023-0709 Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_last_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to injec...

CVSS 5.4 · AI score 6.7 · EPSS 0.00556
Exploits: 0 · References: 3
Veracode
added 2023/06/08 10:38 a.m. · 18 views

Cross-site Scripting (XSS)

avo is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in multiple files due to improper HTML sanitization of form content, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...

CVSS 7.3 · AI score 6.8 · EPSS 0.00563
Exploits: 1 · References: 2 · Affected Software: 1
Hacker One
added 2023/06/06 8:12 p.m. · 65 views

inDrive: #2 XSS on watchdocs.indriverapp.com

An XSS vulnerability was discovered on watchdocs.indriverapp.com. The vulnerability allowed execution of JavaScript on the user's browser...

AI score 6.2
Exploits: 0
OSV
added 2023/06/06 6:03 p.m. · 30 views

CVE-2023-33977 Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

CVSS 8.1 · AI score 6.4 · EPSS 0.0087
Exploits: 1 · References: 7
OSV
added 2023/06/06 12:45 a.m. · 2 views

GHSA-GWXV-JV83-6QJR JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes (') in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...

CVSS 5.4 · AI score 6.2 · EPSS 0.00579
Exploits: 1 · References: 7
OSV
added 2023/06/01 5:15 p.m. · 3 views

CVE-2023-32715

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the...

CVSS 6.1 · AI score 6.5 · EPSS 0.00313
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/31 12:00 a.m. · 10 views

CVE-2023-33287

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables...

AI score 5.8 · EPSS 0.00475
Exploits: 0 · References: 3
Huntr
added 2023/05/30 3:24 a.m. · 9 views

Stored XSS in End page

Description: Allows a user who only has the authority to create surveys (not the administrator) to bypass validation and embed javascript schemes when creating surveys. Steps to reproduce: Login as administrator. 1. Open User management and Create a user with create surveys only permissions. 2. Logout...

AI score 6.9
Exploits: 0
Vulnrichment
added 2023/05/30 12:00 a.m. · 12 views

CVE-2023-28350

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged...

AI score 6.5 · EPSS 0.01069
Exploits: 1 · References: 2
Positive Technologies
added 2023/05/30 12:00 a.m. · 4 views

PT-2023-24603 · Jstachio · Jstachio

Name of the Vulnerable Software and Affected Versions: JStachio versions prior to 1.0.1. Description: JStachio fails to escape single quotes (') in HTML, allowing an attacker to inject malicious code. This can be exploited to execute arbitrary JavaScript code in the context of other users visiting...

CVSS 6.1 · AI score 6.4 · EPSS 0.00579
Exploits: 1 · References: 10
NVD
added 2023/05/27 4:15 a.m. · 17 views

CVE-2023-32686

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

CVSS 8.1 · AI score 8 · EPSS 0.00431
Exploits: 0 · References: 2
ATTACKERKB
added 2023/05/26 10:15 p.m. · 2 views

CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 8.8 · AI score 7.3 · EPSS 0.00521
Exploits: 0 · References: 2
Prion
added 2023/05/26 10:15 p.m. · 30 views

Design/Logic Flaw

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 6.8 · AI score 8.7 · EPSS 0.00521
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/05/26 12:00 a.m. · 10 views

CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 7.5 · AI score 7.9 · EPSS 0.00521
Exploits: 0 · References: 1
Vulnrichment
added 2023/05/26 12:00 a.m. · 11 views

CVE-2023-21516

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 7.5 · AI score 7.8 · EPSS 0.00549
Exploits: 0 · References: 1
Positive Technologies
added 2023/05/26 12:00 a.m. · 5 views

PT-2023-24249 · Unknown · Papaya Viewer

Name of the Vulnerable Software and Affected Versions: Papaya Viewer version 1.0.1449. Description: An issue was discovered where user-supplied input in the form of DICOM or NIFTI images can be loaded into the Papaya web application without sanitization. This allows the injection of arbitrary...

CVSS 6.1 · AI score 7.4 · EPSS 0.00922
Exploits: 2 · References: 8
NVD
added 2023/05/25 7:15 a.m. · 26 views

CVE-2022-46907

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...

CVSS 6.1 · AI score 6.1 · EPSS 0.01162
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/25 12:00 a.m. · 6 views

PT-2023-15104 · Apache · Apache Jspwiki

Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.12.0. Description: A carefully crafted request on several JSPWiki plugins could trigger an issue that allows the attacker to execute javascript in the victim's browser and get some sensitive information about...

CVSS 6.1 · AI score 6 · EPSS 0.01162
Exploits: 0 · References: 16
Vulnrichment
added 2023/05/24 12:00 a.m. · 11 views

CVE-2022-42225

Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission...

AI score 5.7 · EPSS 0.00735
Exploits: 1 · References: 5