Lucene search
K

5967 matches found

BDU FSTEC
BDU FSTEC
added 2019/08/20 12:0 a.m.5 views

The vulnerability of the `defaults` function in the Lodash library allows a attacker to trigger a service failure, execute arbitrary JavaScript code, or increase their privileges.

The vulnerability of the defaults function in the Lodash library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures, execute arbitrary JavaScript code, or enhance their privileges...

9.8CVSS8.1AI score0.05006EPSS
Exploits2References7Affected Software2
0day.today
0day.today
added 2019/08/12 12:0 a.m.54 views

WebKit - UXSS via XSLT and Nested Document Replacements Exploit

VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String& sourceEncoding, const String& sourceMIMEType, Node sourceNode, Frame frame Ref...

6.1CVSS0.2AI score0.04558EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/08/12 12:0 a.m.102 views

WebKit - UXSS via XSLT and Nested Document Replacements

VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String& sourceEncoding, const String& sourceMIMEType, Node sourceNode, Frame frame Ref...

7.4AI score
Exploits0
NVD
NVD
added 2019/08/08 2:15 a.m.19 views

CVE-2019-14770

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

6.1CVSS6.2AI score0.00793EPSS
Exploits0References1
Prion
Prion
added 2019/08/08 2:15 a.m.12 views

Sql injection

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

4.3CVSS6.3AI score0.00793EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/08 1:36 a.m.97 views

CVE-2019-14770

CVE-2019-14770 affects Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3. An attacker who can create administrative menu links (roles with such permissions) can craft menu links in the admin bar to execute JavaScript when an administrator using the search function is logged in. The root ...

6.1CVSS6.2AI score0.00793EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/08 1:36 a.m.20 views

CVE-2019-14770

In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. This issue is mitigated by the attacker needing permissions to create...

6.3AI score0.00793EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/06 12:0 a.m.2 views

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30451)

Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of data provided by the user in the billname field. An attacker can exploit the vulnerability to...

5.4CVSS6.3AI score0.00762EPSS
Exploits1References1
Prion
Prion
added 2019/08/05 8:15 p.m.14 views

Design/Logic Flaw

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation...

3.5CVSS5.2AI score0.00762EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.14 views

Cross site scripting

A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's...

4.3CVSS5.9AI score0.01042EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/08/02 12:0 a.m.3 views

The vulnerability of the Palo Alto Networks MineMeld software lies in the lack of protection for website structures, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Palo Alto Networks MineMeld software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

6.4CVSS5.9AI score0.01068EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/08/01 5:15 p.m.15 views

Information disclosure

When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a...

5.8CVSS7.6AI score0.01185EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/07/30 9:15 p.m.4 views

CVE-2019-5457

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS6.3AI score0.00709EPSS
Exploits1References1
OSV
OSV
added 2019/07/30 9:15 p.m.3 views

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS6.3AI score0.00709EPSS
Exploits1References1
NVD
NVD
added 2019/07/30 9:15 p.m.26 views

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.4AI score0.00709EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/07/30 12:0 a.m.3 views

PT-2019-17686 · Unknown · Min-Http-Server

Name of the Vulnerable Software and Affected Versions: min-http-server all versions Description: A cross-site scripting XSS issue allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. The package fails to sanitize filenames, enabling...

5.4CVSS5.3AI score0.00709EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2019/07/30 12:0 a.m.22 views

Vulnerability of the software complex: Regional electronic budget. An integration platform related to insufficient protection of web page structures, allowing attackers to execute arbitrary JavaScript code in the user’s browser.

Vulnerability of the software complex: Regional electronic budget. The integration platform is associated with insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

8.6CVSS5.8AI score
Exploits0Affected Software1
Veracode
Veracode
added 2019/07/24 7:30 a.m.7 views

Cross-site Scripting (XSS)

stackable.js is vulnerable to Cross-Site Scripting. The library does not sanitize the output properly when constructing the HTML from the existing elements,, allowing an attacker to use a malicious payload to execute arbitrary Javascript code...

7AI score
Exploits0
CNVD
CNVD
added 2019/07/22 12:0 a.m.2 views

Foxit PhantomPDF Denial of Service Vulnerability (CNVD-2019-24197)

PhantomPDF is a multifunctional PDF editor. A denial of service vulnerability exists in Foxit PhantomPDF versions prior to 8.3.11. The vulnerability stems from a failure to properly validate the existence of an object before performing operations on it during JavaScript execution. An attacker cou...

7.5CVSS6.8AI score0.0166EPSS
Exploits0References1
OSV
OSV
added 2019/07/18 5:15 p.m.2 views

UBUNTU-CVE-2019-1010261

Gitea 1.7.0 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...

6.1CVSS6.6AI score0.0084EPSS
Exploits0References3
Rows per page
Query Builder