
5967 matches found

Vulnrichment
added 2023/05/08 12:0 a.m. · 10 views

CVE-2023-2582

A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the proto or...

6.1 AI score · 0.00597 EPSS
Exploits 1 · References 1
OSV
added 2023/05/03 3:15 p.m. · 3 views

CVE-2023-27378

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

6.1 CVSS · 6.3 AI score · 0.00387 EPSS
Exploits 0 · References 1
Prion
added 2023/05/03 3:15 p.m. · 26 views

Cross site scripting

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

5.8 CVSS · 6 AI score · 0.00387 EPSS
Exploits 0 · References 1 · Affected Software 19
Vulnrichment
added 2023/05/03 2:33 p.m. · 10 views

CVE-2023-27378 BIG-IP TMUI XSS vulnerability

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not...

7.5 CVSS · 7.1 AI score · 0.00387 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/05/03 12:10 p.m. · 8 views

CVE-2023-1384

The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing for arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...

4.3 CVSS · 6.5 AI score · 0.0038 EPSS
Exploits 0 · References 1
NVD
added 2023/04/28 7:15 p.m. · 7 views

CVE-2023-30454

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

6.1 CVSS · 6 AI score · 0.00535 EPSS
Exploits 1 · References 2
Prion
added 2023/04/28 7:15 p.m. · 17 views

Cross site scripting

An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...

5.8 CVSS · 5.9 AI score · 0.00535 EPSS
Exploits 1 · References 2 · Affected Software 1
ATTACKERKB
added 2023/04/27 9:15 p.m. · 235 views

CVE-2023-29489

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...

6.1 CVSS · 6.5 AI score · 0.65533 EPSS
In wild · Exploits 7 · References 4
OSV
added 2023/04/25 7:15 a.m. · 2 views

DEBIAN-CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...

5.4 CVSS · 7.3 AI score · 0.01324 EPSS
Exploits 0 · References 1
OSV
added 2023/04/25 7:15 a.m. · 6 views

CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query...

5.4 CVSS · 7.2 AI score
Exploits 0 · References 2
CNNVD
added 2023/04/25 12:0 a.m. · 5 views

Apache Jena security vulnerability

Apache Jena is a Java Semantic Web framework from the Apache Foundation (United States), used to build Semantic Web and linked data applications. A cross-site scripting vulnerability exists in Apache Jena. The vulnerability stems from insufficient checking of user queries when calling custom...

5.4 CVSS · 6.6 AI score · 0.01324 EPSS
Exploits 0 · References 5
CVE
added 2023/04/18 9:25 p.m. · 55 views

CVE-2023-30538

CVE-2023-30538 affects the Discourse open source platform. The issue results from improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript in users’ browsers when uploading a crafted SVG. The vulnerability is mitigated in the latest stable and tests-passed Discours...

5.4 CVSS · 5.5 AI score · 0.00364 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/04/18 9:25 p.m. · 20 views

CVE-2023-30538 Stored Cross-site Scripting via improper sanitization of svg files in Discourse

Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted SVG file. This issue is patched in the latest stable and tests-passed versions of Discourse. Use...

5.4 CVSS · 5.6 AI score · 0.00364 EPSS
Exploits 0 · References 3
CNNVD
added 2023/04/18 12:0 a.m. · 5 views

Discourse cross-site scripting vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A cross-site scripting vulnerability exists in Discourse that could allow an attacker to upload an SVG file to execute arbitrary JavaScript code on a user's browser. Affected...

5.4 CVSS · 5.9 AI score · 0.00364 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/18 12:0 a.m. · 8 views

PT-2023-22765 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable and tests-passed versions
Description: The issue arises from the improper sanitization of SVG files, allowing an attacker to execute arbitrary JavaScript on users' browsers by uploading a crafted...

5.4 CVSS · 5.8 AI score · 0.00364 EPSS
Exploits 0 · References 7
NVD
added 2023/04/16 12:15 a.m. · 24 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0 · References 2
OSV
added 2023/04/16 12:15 a.m. · 17 views

CVE-2018-17883

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 2
OSV
added 2023/04/16 12:15 a.m. · 3 views

DEBIAN-CVE-2018-17883

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6.4 AI score · 0.00443 EPSS
Exploits 0 · References 1
Prion
added 2023/04/16 12:15 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

5.8 CVSS · 6.2 AI score · 0.00443 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/04/16 12:15 a.m. · 3 views

UBUNTU-CVE-2018-17883

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS · 6 AI score · 0.00443 EPSS
Exploits 0 · References 4