
5965 matches found

NVD
added 2023/03/17 8:15 p.m. · 20 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 · AI score 5.6 · EPSS 0.00586
Exploits 0 · References 7
Prion
added 2023/03/17 8:15 p.m. · 14 views

Design/Logic Flaw

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.9 · AI score 5.8 · EPSS 0.00586
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2023/03/17 7:04 p.m. · 7 views

CVE-2023-27592 Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 4.8 · AI score 5.9 · EPSS 0.00586
Exploits 0 · References 7
AlpineLinux
added 2023/03/17 7:04 p.m. · 88 views

CVE-2023-27592

Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...

CVSS 5.4 · AI score 5.7 · EPSS 0.00586
Exploits 0
Positive Technologies
added 2023/03/17 12:00 a.m. · 6 views

PT-2023-21232 · Miniflux · Miniflux

Name of the Vulnerable Software and Affected Versions: Miniflux versions 2.0.25 through 2.0.42. Description: The issue arises when Miniflux automatically proxies images served over HTTP to prevent mixed content errors. If an outbound request made by the Go HTTP client fails, the html.ServerError i...

CVSS 5.4 · AI score 7.6 · EPSS 0.00586
Exploits 0 · References 12
CNNVD
added 2023/03/15 12:00 a.m. · 6 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 6 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 6 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 5 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2023/03/15 12:00 a.m. · 13 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The product supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 6.2 · EPSS 0.0048
Exploits 0 · References 3
CNNVD
added 2023/03/08 12:00 a.m. · 4 views

ARRIS DG3450 cross-site scripting vulnerability

The ARRIS DG3450 is a cable gateway from the American company ARRIS. The ARRIS DG3450 Cable Gateway is affected by a reflected cross-site scripting vulnerability, which can be exploited by an attacker to execute arbitrary JavaScript code in t...

CVSS 6.1 · AI score 6.4 · EPSS 0.00754
Exploits 3 · References 5
CNNVD
added 2023/03/03 12:00 a.m. · 6 views

teler-waf security vulnerability

teler-waf is a Go HTTP middleware that provides teler IDS functionality to prevent Web-based attacks and improve the security of Go-based Web applications. It is highly configurable and easy to integrate into existing Go applications. A security vulnerability exists in teler-waf versions prior to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00516
Exploits 0 · References 4
Tenable Nessus
added 2023/03/03 12:00 a.m. · 29 views

FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...

CVSS 7.3 · AI score 7.4 · EPSS 0.1546
Exploits 0 · References 3
Vulnrichment
added 2023/03/02 12:14 a.m. · 9 views

CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...

CVSS 6.5 · AI score 6.4 · EPSS 0.00536
Exploits 0 · References 3
Positive Technologies
added 2023/03/02 12:00 a.m. · 6 views

PT-2023-20677 · Vega · Vega

Name of the Vulnerable Software and Affected Versions: Vega versions prior to 5.13.1. Description: The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. This can be exploited to escape the Vega expression sandbox in order to execute...

CVSS 6.5 · AI score 6.4 · EPSS 0.00775
Exploits 1 · References 11
Vulnrichment
added 2023/03/01 3:35 p.m. · 9 views

CVE-2023-0507

Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because map attributions were not properly sanitized and allowed arbitrary JavaScript...

CVSS 7.3 · AI score 6.5 · EPSS 0.1546
Exploits 0 · References 2
Veracode
added 2023/03/01 2:54 a.m. · 23 views

Cross-site Scripting (XSS)

@braintree/sanitize-url is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the decodeHtmlCharacters function in index.ts does not properly sanitize HTML-encoded colons in the urlSchemeRegex parameter, which allows an attacker to inject and execute malicious JavaScript by...

CVSS 6.1 · AI score 5.9 · EPSS 0.0056
Exploits 0 · References 4 · Affected Software 2
Vulnrichment
added 2023/03/01 12:00 a.m. · 8 views

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow JavaScript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim...

CVSS 3.3 · AI score 6.1 · EPSS 0.00337
Exploits 0 · References 1
CNNVD
added 2023/03/01 12:00 a.m. · 6 views

Grafana cross-site scripting vulnerability

Grafana is an open-source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A cross-site scripting vulnerability exists in Grafana version 8.1, which stems from map attributions not...

CVSS 7.3 · AI score 7.4 · EPSS 0.1546
Exploits 0 · References 5
Positive Technologies
added 2023/03/01 12:00 a.m. · 5 views

PT-2023-20449 · Teler-Waf · Teler-Waf

Name of the Vulnerable Software and Affected Versions: teler-waf versions prior to 0.2.0. Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. The issue allows an attacker to execute arbitrary JavaScript code on the victim's...

CVSS 6.5 · AI score 6.3 · EPSS 0.00516
Exploits 0 · References 13