
5964 matches found

CNVD
added 2023/02/06 12:0 a.m. · 11 views

Moxa SDS-3008 Cross-Site Scripting Vulnerability

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary JavaScript execution...

CVSS 5.4 · AI score 6.3 · EPSS 0.01084
Exploits 1 · References 1

OSV
added 2023/02/03 7:31 p.m. · 31 views

CVE-2023-23937 Missing file upload type validation in pimcore/pimcore

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...

CVSS 8.2 · AI score 6.1 · EPSS 0.00476
Exploits 0 · References 4

OSV
added 2023/02/03 11:4 a.m. · 7 views

OESA-2023-1057 batik security update

Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function. Security Fixes: A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache...

CVSS 7.5 · AI score 9.1 · EPSS 0.0232
Exploits 0 · References 3

CNNVD
added 2023/02/02 12:0 a.m. · 7 views

MOXA SDS-3008 Cross-Site Scripting Vulnerability

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary JavaScript execution...

CVSS 5.4 · AI score 6.4 · EPSS 0.01028
Exploits 1 · References 4

CNNVD
added 2023/02/02 12:0 a.m. · 5 views

MOXA SDS-3008 Cross-Site Scripting Vulnerability

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary JavaScript execution...

CVSS 5.4 · AI score 6.4 · EPSS 0.01084
Exploits 1 · References 4

CNNVD
added 2023/02/02 12:0 a.m. · 5 views

MOXA SDS-3008 Cross-Site Scripting Vulnerability

Moxa SDS-3008 is a series of industrial switches from MOXA China. The Moxa SDS-3008 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to send a specially crafted HTTP request resulting in arbitrary JavaScript execution...

CVSS 5.4 · AI score 6.4 · EPSS 0.01084
Exploits 1 · References 4

CNNVD
added 2023/02/01 12:0 a.m. · 4 views

ProjectSend Cross-Site Scripting Vulnerability

ProjectSend, formerly cFTP, is a set of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in versions prior to ProjectSend r1606, which could be exploited by attackers to execute arbitrary JavaScript in the administrator account...

CVSS 7.2 · AI score 6.5 · EPSS 0.00682
Exploits 1 · References 3

CNNVD
added 2023/01/27 12:0 a.m. · 4 views

Grafana Cross-Site Scripting Vulnerability

Grafana is a set of open source monitoring tools from Grafana that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. Grafana has a cross-site scripting vulnerability that stems from SVG files not properly clean...

CVSS 7.3 · AI score 7.1 · EPSS 0.00779
Exploits 0 · References 8

OSV
added 2023/01/26 9:18 p.m. · 3 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

CVSS 5.4 · AI score 6.1
Exploits 0 · References 1

NVD
added 2023/01/20 6:15 p.m. · 20 views

CVE-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

CVSS 5.4 · AI score 5.3 · EPSS 0.00516
Exploits 1 · References 1

OSV
added 2023/01/20 6:15 p.m. · 25 views

CVE-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 1

Prion
added 2023/01/20 6:15 p.m. · 32 views

Code injection

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

CVSS 4.9 · AI score 5.3 · EPSS 0.00516
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/01/20 12:0 a.m. · 26 views

CVE-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

AI score 5.6 · EPSS 0.00516
Exploits 1 · References 1

Positive Technologies
added 2023/01/20 12:0 a.m. · 5 views

PT-2023-18770 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9; MediaWiki versions 1.36.x through 1.38.x before 1.38.5; MediaWiki versions 1.39.x before 1.39.1. Description: An issue was discovered in MediaWiki that allows JavaScript execution by staff/admin users who do n...

CVSS 9.8 · AI score 5.8 · EPSS 0.22699
Exploits 27 · References 101

Vulnrichment
added 2023/01/20 12:0 a.m. · 12 views

CVE-2023-22910

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision- fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs...

AI score 5.5 · EPSS 0.00516
Exploits 1 · References 1

NVD
added 2023/01/12 4:15 a.m. · 20 views

CVE-2022-3573

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVSS 5.4 · AI score 5.5 · EPSS 0.00585
Exploits 0 · References 3

Prion
added 2023/01/12 4:15 a.m. · 24 views

Input validation

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute...

CVSS 4.9 · AI score 5.8 · EPSS 0.00585
Exploits 0 · References 3 · Affected Software 2

Positive Technologies
added 2023/01/12 12:0 a.m. · 4 views

PT-2023-13448 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.4 through 15.5.7; GitLab CE/EE versions 15.6 through 15.6.4; GitLab CE/EE versions 15.7 through 15.7.2. Description: The issue arises from inadequate filtering of query parameters on the wiki changes page, allowing an...

CVSS 5.4 · AI score 9.7 · EPSS 0.00585
Exploits 0 · References 15

Tenable Nessus
added 2023/01/11 12:0 a.m. · 27 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3a023570-91ab-11ed-8950-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3a023570-91ab-11ed-8950-001b217b3468 advisory. - Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7...

CVSS 8.5 · AI score 6.5 · EPSS 0.00974
Exploits 0 · References 12

Huntr
added 2023/01/10 11:35 a.m. · 10 views

XSS via markdown syntax

Description: Hi, Maintainer, thanks for reading. I am glad to report a secure problem to you. I found that your forum allows users to use markdown syntax to post articles and comments, but there is no corresponding protection means, which is unsafe. Any user can post dangerous content, like the...

AI score 2.1
Exploits 0