
5963 matches found

ATTACKERKB
added 2022/10/11 11:15 a.m. · 5 views

CVE-2022-40181

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 8.3 · AI score 7.5 · EPSS 0.00845
Exploits: 0 · References: 2
OSV
added 2022/10/11 11:15 a.m. · 5 views

CVE-2022-40181

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVSS 8.3 · AI score 6 · EPSS 0.00845
Exploits: 0 · References: 1
Positive Technologies
added 2022/10/11 12:0 a.m. · 6 views

PT-2022-25262 · Siemens · Desigo Pxm40-1 +9

Name of the Vulnerable Software and Affected Versions: Desigo PXM30-1 versions prior to V02.20.126.11-41 Desigo PXM30.E versions prior to V02.20.126.11-41 Desigo PXM40-1 versions prior to V02.20.126.11-41 Desigo PXM40.E versions prior to V02.20.126.11-41 Desigo PXM50-1 versions prior to...

CVSS 8.3 · AI score 8.1 · EPSS 0.00845
Exploits: 0 · References: 3
Positive Technologies
added 2022/10/10 12:0 a.m. · 6 views

PT-2022-6442 · Nokia · Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct versions prior to 22 FP2211 Description: The issue is related to the lack of input validation when creating a working set in the NetAct system, allowing an attacker to inject a client-side template payload. This can lead to the...

CVSS 8.8 · AI score 7.2 · EPSS 0.0059
Exploits: 0 · References: 6
OSV
added 2022/09/28 5:15 p.m. · 5 views

CVE-2021-41434

A stored Cross-Site Scripting XSS vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...

CVSS 5.4 · AI score 6 · EPSS 0.00513
Exploits: 2 · References: 2
NVD
added 2022/09/28 5:15 p.m. · 13 views

CVE-2021-41434

A stored Cross-Site Scripting XSS vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...

CVSS 5.4 · EPSS 0.00513
Exploits: 2 · References: 2
Vulnrichment
added 2022/09/28 4:39 p.m. · 8 views

CVE-2021-41434

A stored Cross-Site Scripting XSS vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...

AI score 5.5 · EPSS 0.00513
Exploits: 2 · References: 2
RedHat Linux
added 2022/09/26 3:57 p.m. · 4 views

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

CVSS 8.1 · AI score 7.6 · EPSS 0.00768
Exploits: 0 · References: 6
RedHat Linux
added 2022/09/26 3:37 p.m. · 2 views

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

CVSS 8.1 · AI score 7.6 · EPSS 0.00768
Exploits: 0 · References: 6
RedHat Linux
added 2022/09/26 2:54 p.m. · 2 views

Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying an URL. Thunderbird started a...

CVSS 8.1 · AI score 7.6 · EPSS 0.00768
Exploits: 0 · References: 6
IBM Security Bulletins
added 2022/09/25 11:13 p.m. · 20 views

Security Bulletin: Ensure that DataPower services running in production environments are not configured to blindly echo requests. (CVE-2013-0499)

Abstract DataPower services like XML Firewall, Multi Protocol Gateway, Web Service Proxy and Web Token Service when configured to blindly echo requests could result in potential security vulnerability in production environments. Content VULNERABILITY DETAILS: DESCRIPTION: For the purposes of...

CVSS 4.3 · AI score 6.1 · EPSS 0.01208
Exploits: 2 · Affected Software: 1
CNNVD
added 2022/09/23 12:0 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

CVSS 5.4 · AI score 6.2 · EPSS 0.007
Exploits: 0 · References: 3
OSV
added 2022/09/16 6:15 p.m. · 3 views

CVE-2022-30681

Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 5.4 · AI score 5.7 · EPSS 0.00533
Exploits: 0 · References: 1
Cvelist
added 2022/09/16 5:45 p.m. · 25 views

CVE-2022-30680 AEM Reflected XSS Arbitrary code execution

Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 5.4 · AI score 5.9 · EPSS 0.00533
Exploits: 0 · References: 1
NVD
added 2022/09/08 9:15 p.m. · 37 views

CVE-2022-36097

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

CVSS 8.9 · EPSS 0.57388
Exploits: 1 · References: 4
NVD
added 2022/09/08 9:15 p.m. · 28 views

CVE-2022-36096

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...

CVSS 9 · EPSS 0.5947
Exploits: 0 · References: 3
Prion
added 2022/09/08 9:15 p.m. · 19 views

Code injection

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field...

CVSS 6 · AI score 9 · EPSS 0.71043
Exploits: 1 · References: 4 · Affected Software: 1
Prion
added 2022/09/08 9:15 p.m. · 21 views

Code injection

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

CVSS 5.8 · AI score 6.2 · EPSS 0.57388
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2022/09/08 8:35 p.m. · 30 views

CVE-2022-36097 XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

CVSS 8.9 · AI score 6.4 · EPSS 0.57388
Exploits: 1 · References: 6
OSV
added 2022/09/08 8:30 p.m. · 20 views

CVE-2022-36096 XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list

The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index wi...

CVSS 8.9 · AI score 8.5 · EPSS 0.5947
Exploits: 0 · References: 5