Lucene search
K

5967 matches found

Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.5 views

PT-2023-23961 · Kiwi Tcms · Kiwi Tcms

Name of the Vulnerable Software and Affected Versions: Kiwi TCMS versions prior to 12.3 Description: The issue arises from insufficient upload validation checks in Kiwi TCMS, allowing an attacker to upload potentially dangerous files. These files can be combined to circumvent the existing...

8.1CVSS6.2AI score0.00431EPSS
Exploits0References8
NVD
NVD
added 2023/05/21 8:15 p.m.12 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.4CVSS5.2AI score0.00759EPSS
Exploits1References4
OSV
OSV
added 2023/05/21 8:15 p.m.13 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.4CVSS5.7AI score
Exploits0References4
Prion
Prion
added 2023/05/21 8:15 p.m.12 views

Cross site scripting

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

4.9CVSS5.3AI score0.00759EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/05/21 12:0 a.m.2 views

hledger 跨站脚本漏洞

hledger is HLEDGER open source a powerful, fast and intuitive plain text accounting tool with CLI, TUI and Web interfaces. A security vulnerability exists in hledger versions prior to 1.23 that stems from a problem in toBloodhoundJson that allows an attacker to execute JavaScript by encoding...

5.4CVSS5.8AI score0.00759EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/21 12:0 a.m.6 views

CVE-2021-46888

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting XSS vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function...

5.2AI score0.00759EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/18 9:26 p.m.7 views

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

7.8AI score0.00891EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/12 12:0 a.m.4 views

Beekeeper Studio 操作系统命令注入漏洞

Beekeeper Studio is a cross-platform, open source SQL editor and database manager from Beekeeper Studio, Inc. It is available for Linux, Mac and Windows. A security vulnerability exists in Beekeeper Studio versions prior to 3.9.9, which stems from the software contains a code injection that can b...

8.8CVSS8.3AI score0.01388EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.3 views

PT-2023-20597 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue allows for the execution of JavaScript code on victim browsers, potentially leading to cookie theft and account takeover. Recommendations: For versions prior to 10.5.21, update ...

5.7CVSS5.4AI score0.00576EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2023/05/09 8:45 p.m.11 views

CVE-2023-25831 BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS.

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser...

6.1CVSS6.2AI score0.0054EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/05/09 5:46 p.m.20 views

XWiki Platform vulnerable to RXSS via editor parameter - importinline template

Impact It's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. To reproduce: add an attachment to a page for example, your user profile add...

9CVSS6.6AI score0.71143EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2023/05/09 4:15 p.m.23 views

Code injection

XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...

6CVSS9AI score0.71143EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/09 3:42 p.m.12 views

CVE-2023-32071 XWiki Platform vulnerable to RXSS via editor parameter - importinline template

XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...

9CVSS9.2AI score0.71143EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/05/09 3:28 p.m.11 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2023/05/09 3:28 p.m.22 views

CVE-2023-32066 Time Tracker has Stored XSS vulnerability in Week View plugin

Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then ...

5.4CVSS5.2AI score0.00369EPSS
Exploits0References4
Veracode
Veracode
added 2023/05/09 12:49 p.m.16 views

Cross-Site Scripting (XSS)

wwbn/avideo, is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user-input sanitization in script.js which allows an attacker to inject and execute arbitrary JavaScript into the browser...

8CVSS6AI score0.00712EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.5 views

XWiki Platform 跨站脚本漏洞

XWiki Platform is a suite of Wiki platforms for creating web collaboration applications from the XWiki Foundation in France. A security vulnerability exists in XWiki Platform versions 2.2-milestone-1, prior to 14.4.8, prior to 14.10.4, and prior to 15.0-rc-1, which originates from the ability to...

9CVSS8.3AI score0.71143EPSS
Exploits0References6
NVD
NVD
added 2023/05/08 9:15 p.m.24 views

CVE-2023-2582

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

6.1CVSS6.1AI score0.00597EPSS
Exploits1References1
Prion
Prion
added 2023/05/08 9:15 p.m.19 views

Cross site scripting

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

5.8CVSS6AI score0.00597EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/05/08 12:0 a.m.18 views

CVE-2023-2582

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting XSS in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

6.2AI score0.00597EPSS
Exploits1References1
Rows per page
Query Builder