Lucene search
K

5964 matches found

OSV
OSV
added 2023/02/14 3:15 p.m.4 views

CVE-2022-4286

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

6.1CVSS6AI score0.00564EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/14 2:25 p.m.8 views

CVE-2022-4286 Reflected Cross-Site Scripting Vulnerabilities in Automation Runtime

A reflected cross-site scripting XSS vulnerability exists in System Diagnostics Manager of B&R Automation Runtime versions =3.00 and =C4.93 that enables a remote attacker to execute arbitrary JavaScript in the context of the users browser session...

6.1CVSS6AI score0.00564EPSS
Exploits1References1
OSV
OSV
added 2023/02/09 7:15 p.m.4 views

CVE-2023-21434

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page...

6.1CVSS5.8AI score0.12885EPSS
Exploits0References1
CVE
CVE
added 2023/02/09 12:0 a.m.77 views

CVE-2023-21434

Samsung Galaxy Store for Android versions prior to 4.5.49.8 is affected by CVE-2023-21434 due to improper input validation. The issue relates to how the app limits domains that can be launched in a WebView, potentially allowing a local attacker to bypass the URL filter and navigate to a domain un...

6.2CVSS6.3AI score0.12885EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 12:0 a.m.8 views

CVE-2023-21434

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page...

6.2CVSS6.3AI score0.12885EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/02/08 12:0 a.m.5 views

The vulnerability of the microprogrammed Ethernet switches Moxa SDS-3008 lies in the insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the microprogrammed Ethernet switches from Moxa, the SDS-3008 model, is related to insufficient protection of the website structure when processing the Switch Description field in the Switch Information section. Exploiting this vulnerability allows an attacker to execute...

6.5CVSS5.9AI score0.01084EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/02/08 12:0 a.m.5 views

The vulnerability of the microprogrammed Ethernet switches Moxa SDS-3008 lies in the insufficient protection of the web page structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the microprogrammed Ethernet switch software from Moxa, the SDS-3008 model, is related to insufficient protection of the website structure during the processing of the Switch Location field in the Switch Information section. Exploiting this vulnerability allows an attacker to...

7.5CVSS5.9AI score0.01028EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2023/02/07 7:15 p.m.23 views

Design/Logic Flaw

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

4.9CVSS4.9AI score0.00515EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/02/07 5:15 p.m.25 views

CVE-2022-41312

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

5.4CVSS4.8AI score0.01084EPSS
Exploits1References3
OSV
OSV
added 2023/02/07 5:15 p.m.6 views

CVE-2022-41313

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

5.4CVSS5.8AI score0.01084EPSS
Exploits1References3
Prion
Prion
added 2023/02/07 5:15 p.m.11 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.9CVSS5.3AI score0.01028EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2023/02/07 5:15 p.m.20 views

Cross site scripting

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.9CVSS5.3AI score0.01084EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2023/02/07 4:52 p.m.33 views

CVE-2022-41313

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.3CVSS5.5AI score0.01084EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/07 4:52 p.m.8 views

CVE-2022-41311

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.3CVSS6.4AI score0.01028EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/07 4:52 p.m.15 views

CVE-2022-41312

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.3CVSS6.4AI score0.01084EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/02/07 4:52 p.m.11 views

CVE-2022-41313

A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form fiel...

4.3CVSS6.4AI score0.01084EPSS
Exploits1References2
Veracode
Veracode
added 2023/02/07 5:46 a.m.124 views

Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper sanitization of user inputs in the originalUrl parameter which allows an attacker to inject and execute arbitrary JavaScript...

6.7CVSS6.8AI score0.00828EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.5 views

PT-2023-18677 · Zulip · Zulip

Name of the Vulnerable Software and Affected Versions: Zulip versions prior to commit 2f6c5a8 but after commit 04cf68b Description: Zulip is an open-source team collaboration tool. In affected versions, users could upload files with arbitrary Content-Type which would be served from the Zulip...

4.6CVSS4.8AI score0.00515EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.5 views

Zulip 安全漏洞

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip that stems from the ability to upload a file with an arbitrary Content-Type, whi...

4.6CVSS5.5AI score0.00515EPSS
Exploits0References5
CNVD
CNVD
added 2023/02/06 12:0 a.m.10 views

Moxa SDS-3008 cross-site scripting vulnerability (CNVD-2023-58304)

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary Javascript execution...

5.4CVSS6.3AI score0.01084EPSS
Exploits1References1
Rows per page
Query Builder