Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

225 matches found

Cvelist
Cvelistadded 2023/11/30 1:55 p.m.23 views

CVE-2023-6433 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/suppliersview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:55 p.m.23 views

CVE-2023-6432 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to sto...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2023/11/30 1:54 p.m.13 views

CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

6.3CVSS6AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:54 p.m.21 views

CVE-2023-6431 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/categoriesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user t...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:54 p.m.25 views

CVE-2023-6430 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /inventory/transactionsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:54 p.m.28 views

CVE-2023-6429 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/clientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:53 p.m.21 views

CVE-2023-6428 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/itemsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:52 p.m.26 views

CVE-2023-6427 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Invoicing System 2.6, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /invoicing/app/invoicesview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:49 p.m.15 views

CVE-2023-6425 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medicalrecordsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacki...

6.3CVSS6.2AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:49 p.m.24 views

CVE-2023-6424 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/30 1:48 p.m.26 views

CVE-2023-6422 Cross-site Scripting vulnerability in BigProf products

A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/patientsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking use...

6.3CVSS6.2AI score0.00388EPSS
Exploits0References1
NVD
NVDadded 2023/10/30 11:15 p.m.43 views

CVE-2023-45671

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.6AI score0.01425EPSS
Exploits1References2
Cvelist
Cvelistadded 2023/10/30 10:41 p.m.30 views

CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...

4.7CVSS4.8AI score0.01425EPSS
Exploits1References2
Microsoft Secure
Microsoft Secureadded 2023/09/12 5:0 p.m.67 views

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

4.1CVSS7.3AI score0.12107EPSS
Exploits0
Prion
Prionadded 2023/03/16 9:15 p.m.14 views

Cross site scripting

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.8CVSS5.8AI score0.00407EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2023/03/16 9:15 p.m.41 views

PYSEC-2023-50

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

6.1CVSS5.3AI score0.00407EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2023/03/16 8:29 p.m.8 views

CVE-2023-27494 Streamlit Cross-site Scripting vulnerability

Streamlit, software for turning data scripts into web applications, had a cross-site scripting XSS vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit apps were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to ...

5.9CVSS5.9AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2023/03/16 12:0 a.m.7 views

PT-2023-21169 · Streamlit · Streamlit

Name of the Vulnerable Software and Affected Versions: Streamlit versions 0.63.0 through 0.80.0 Description: The issue is a cross-site scripting XSS vulnerability that affects users of hosted Streamlit apps. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app,...

6.1CVSS5.9AI score0.00407EPSS
Exploits0References9
Vulnrichment
Vulnrichmentadded 2022/11/23 12:0 a.m.5 views

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

5.9AI score0.00473EPSS
Exploits0References4
OSV
OSVadded 2022/07/25 7:15 p.m.3 views

CVE-2022-22999

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to ga...

4.8CVSS5.6AI score0.00319EPSS
Exploits0References1
Rows per page
Query Builder