5964 matches found

Prion
added 2023/01/06 3:15 p.m. · 14 views

Cross site scripting

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...

5.8 CVSS · 6 AI score · 0.0054 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/01/06 12:0 a.m. · 5 views

PT-2023-14793 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS version 9.0 Description: An issue was discovered in Zimbra Collaboration where XSS can occur via one of the attributes in webmail URLs, allowing the execution of arbitrary JavaScript code and leading to information...

6.1 CVSS · 6.2 AI score · 0.0041 EPSS
Exploits 0 · References 7

Prion
added 2023/01/01 8:15 a.m. · 16 views

Cross site scripting

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...

6 CVSS · 8.6 AI score · 0.00756 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2023/01/01 8:15 a.m. · 16 views

Cross site scripting

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...

4.9 CVSS · 5.3 AI score · 0.00397 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2023/01/01 12:0 a.m. · 20 views

Twake Cross-Site Scripting Vulnerability

Twake is a secure open source collaboration platform open sourced by LINAGORA that improves organizational productivity. Twake suffers from a cross-site scripting vulnerability that originates from the presence of XSS in the integration URL in linagora/twake, which allows javascript to be execute...

5.7 CVSS · 5.2 AI score · 0.40916 EPSS
Exploits 1 · References 4

CNNVD
added 2023/01/01 12:0 a.m. · 5 views

Sage Enterprise Intelligence Cross-Site Scripting Vulnerability

Sage Enterprise Intelligence is a fully integrated business intelligence and data management solution from Sage UK. A security vulnerability exists in Sage Enterprise Intelligence version 2021 R1.1, which stems from the presence of stored XSS that allows an attacker to send a malicious notificati...

9 CVSS · 8.3 AI score · 0.00756 EPSS
Exploits 1 · References 2

CVE
added 2023/01/01 12:0 a.m. · 69 views

CVE-2022-34323

Sage XRT Business Exchange 12.4.302 contains multiple stored XSS flaws. An authenticated user can trigger JavaScript execution in other users’ browsers via: (1) Filters/Display model names rendered as HTML, (2) Alert names in Notifications/alerts, and (3) the File download feature where form fiel...

5.4 CVSS · 5.2 AI score · 0.00397 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/01/01 12:0 a.m. · 10 views

CVE-2022-34322

Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify Users About Modification me...

6.3 AI score · 0.00756 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/01/01 12:0 a.m. · 7 views

CVE-2022-34323

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model...

5.3 AI score · 0.00397 EPSS
Exploits 1 · References 1

OSV
added 2022/12/29 8:15 p.m. · 4 views

CVE-2022-38209

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim’s browser...

6.1 CVSS · 6 AI score · 0.00494 EPSS
Exploits 0 · References 1

CNNVD
added 2022/12/29 12:0 a.m. · 5 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS versions 10.8.1...

6.1 CVSS · 6.3 AI score · 0.00494 EPSS
Exploits 0 · References 2

CNNVD
added 2022/12/29 12:0 a.m. · 4 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS versions 10.8.1...

6.1 CVSS · 6.4 AI score · 0.00498 EPSS
Exploits 0 · References 3

Hacker One
added 2022/12/28 8:6 p.m. · 33 views

Equifax-vdp: reflected XSS in [www.equifax.com]

A reflected XSS vulnerability was found in the search functionality of Equifax's website. An attacker could execute malicious JavaScript code on a victim's browser by injecting a payload into the "q" parameter of the search query. This could potentially allow the attacker to steal the victim's...

6.3 AI score
Exploits 0

Vulnrichment
added 2022/12/25 12:0 a.m. · 8 views

CVE-2022-44012

An issue was discovered in /DS/LMAPI/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager before 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and most likely be...

7.4 AI score · 0.00509 EPSS
Exploits 3 · References 1

Positive Technologies
added 2022/12/25 12:0 a.m. · 7 views

PT-2022-27075 · Unknown · Simmeth Lieferantenmanager

Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6 Description: An issue was discovered in the "/DS/LM API/api/SelectionService/InsertQueryWithActiveRelationsReturnId" API endpoint. This allows an attacker to execute JavaScript code in the...

5.4 CVSS · 5.6 AI score · 0.00509 EPSS
Exploits 3 · References 3

OSV
added 2022/12/22 8:15 p.m. · 10 views

CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

8.1 CVSS · 8 AI score
Exploits 0 · References 3

OSV
added 2022/12/22 8:15 p.m. · 3 views

DEBIAN-CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

9.6 CVSS · 7.6 AI score · 0.00931 EPSS
Exploits 1 · References 1

OSV
added 2022/12/22 8:15 p.m. · 10 views

CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

9.6 CVSS · 8.7 AI score
Exploits 0 · References 4

OSV
added 2022/12/22 8:15 p.m. · 4 views

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

8.8 CVSS · 7.5 AI score · 0.00586 EPSS
Exploits 0 · References 2

NVD
added 2022/12/22 8:15 p.m. · 28 views

CVE-2022-22755

By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox 97...

8.8 CVSS · 0.00586 EPSS
Exploits 0 · References 2