
5964 matches found

CNNVD
added 2022/12/14 12:0 a.m. · 5 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

CVSS 5.4 · AI score 6.1 · EPSS 0.00708
Exploits 0 · References 3
Positive Technologies
added 2022/12/13 12:0 a.m. · 5 views

PT-2022-6053 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier. Description: The issue exists due to inadequate protection of the web page structure. An attacker, acting remotely, can exploit this to execute arbitrary code using a specially crafted link...

CVSS 5.5 · AI score 5.5 · EPSS 0.0048
Exploits 0 · References 6
Vulnrichment
added 2022/12/13 12:0 a.m. · 6 views

CVE-2022-43996

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

AI score 5.5 · EPSS 0.00454
Exploits 0 · References 1
Github Security Blog
added 2022/12/08 11:30 p.m. · 31 views

Cross-site scripting vulnerability in TinyMCE alerts

Impact: A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which presents these dialogs when certain...

CVSS 6.1 · AI score 0.1 · EPSS 0.00939
Exploits 0 · References 8 · Affected Software 2
UbuntuCve
added 2022/12/08 10:15 p.m. · 23 views

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 6.1 · AI score 6.6 · EPSS 0.00939
Exploits 0 · References 7
Cvelist
added 2022/12/08 9:29 p.m. · 32 views

CVE-2022-23494 Cross-site scripting vulnerability in TinyMCE alerts

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

CVSS 5.4 · AI score 6.4 · EPSS 0.00939
Exploits 0 · References 6
Debian CVE
added 2022/12/08 9:29 p.m. · 22 views

CVE-2022-23494

Removed by vendor...

CVSS 6.1 · AI score 6.2 · EPSS 0.00939
Exploits 0
OSV
added 2022/12/08 4:15 p.m. · 2 views

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

CVSS 5.4 · AI score 5.7 · EPSS 0.00623
Exploits 0 · References 3
Vulnrichment
added 2022/12/07 12:0 a.m. · 7 views

CVE-2022-43668

Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product...

AI score 6.3 · EPSS 0.00357
Exploits 0 · References 2
Positive Technologies
added 2022/12/07 12:0 a.m. · 6 views

PT-2022-26996 · Typora · Typora

Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.4.4. Description: The issue is related to the improper neutralization of JavaScript code. When a file is opened with the affected product, it may result in the execution of JavaScript code contained in the file...

CVSS 6.1 · AI score 7.4 · EPSS 0.00357
Exploits 0 · References 5
Positive Technologies
added 2022/12/05 12:0 a.m. · 6 views

PT-2022-7126 · Samsung · Galaxy Store

Name of the Vulnerable Software and Affected Versions: Galaxy Store versions prior to 4.5.49.8. Description: The issue exists due to inadequate protection of the web page structure, allowing an attacker to execute a JavaScript script when a web page is loaded. This is caused by an improper input...

CVSS 7.8 · AI score 6.4 · EPSS 0.12885
Exploits 0 · References 7
RedhatCVE
added 2022/11/23 4:56 p.m. · 34 views

CVE-2022-31777

A stored cross-site scripting (XSS) flaw was found in Apache Spark. This issue allows an attacker to execute arbitrary JavaScript in the web browser of a user, including a malicious payload into the logs which are returned in logs rendered in the UI...

CVSS 5.4 · AI score 2.7 · EPSS 0.01473
Exploits 0 · References 3
Vulnrichment
added 2022/11/20 12:0 a.m. · 10 views

CVE-2022-4068 Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms

A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary...

CVSS 7.6 · AI score 5.6 · EPSS 0.33968
Exploits 1 · References 2
ATTACKERKB
added 2022/11/16 2:15 p.m. · 4 views

CVE-2022-4022

The SVG Support plugin for WordPress defaults to insecure settings in version 2.5 and 2.5.1. SVG files containing malicious JavaScript are not sanitized. While version 2.5 adds the ability to sanitize images as they are uploaded, the plugin defaults to disable sanitization and does not restrict SV...

CVSS 6.4 · AI score 5.8 · EPSS 0.00413
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2022/11/15 12:0 a.m. · 9 views

CVE-2022-40846

In Tenda AC1200 Router model W15Ev2 V15.11.0.101576, a stored cross-site scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the application's stored hostname...

AI score 5.8 · EPSS 0.00558
Exploits 1 · References 1
CNNVD
added 2022/11/14 12:0 a.m. · 5 views

Tenda AC1200 cross-site scripting vulnerability

The Tenda AC1200 is a wireless router from Tenda China. A security vulnerability exists in the Tenda AC1200 version 15.11.0.10, which stems from a stored cross-site scripting issue. The vulnerability allows an attacker to execute JavaScript code by leveraging the filter tabs specifically the URL...

CVSS 5.4 · AI score 5.7 · EPSS 0.00546
Exploits 1 · References 3
Huntr
added 2022/11/04 12:45 a.m. · 27 views

XSS and CSP bypass in app.diagrams.net

Description: The application reflects an input from the URL without sanitizing it. With a CSP bypass from apis.google.com it's possible to execute JavaScript code. Proof of Concept...

CVSS 5.8 · AI score 0.4 · EPSS 0.00624
Exploits 1
OSV
added 2022/11/01 4:15 p.m. · 1 views

PYSEC-2022-42976

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

CVSS 5.4 · AI score 6.7 · EPSS 0.01473
Exploits 0 · References 3
CNNVD
added 2022/11/01 12:0 a.m. · 4 views

Fortinet FortiManager and FortiAnalyzer cross-site scripting vulnerability

Fortinet FortiManager and Fortinet FortiAnalyzer are both products from Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains...

CVSS 8 · AI score 5.6 · EPSS 0.00684
Exploits 0 · References 3
Vulnrichment
added 2022/11/01 12:0 a.m. · 4 views

CVE-2022-31777 Apache Spark XSS vulnerability in log viewer UI Javascript

A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI...

AI score 5.4 · EPSS 0.01473
Exploits 0 · References 2