Lucene search
K

5967 matches found

Node.js
Node.js
added 2019/06/17 9:49 p.m.21 views

Cross-Site Scripting

Overview Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later. References -...

7.3AI score
Exploits0Affected Software1
CNVD
CNVD
added 2019/06/11 12:0 a.m.1 views

Cloud Classroom online school system suffers from override access, xss vulnerability

Cloud Classroom is the online education system of Beijing Yuxin Technology Co. Cloud Classroom online school system suffers from an override access, xss vulnerability, which can be exploited by attackers to modify other user profiles and execute js code on the browser...

7.4AI score
Exploits0
OSV
OSV
added 2019/06/05 4:29 p.m.4 views

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

8.8CVSS7.5AI score0.03983EPSS
Exploits1References3
NVD
NVD
added 2019/06/05 4:29 p.m.13 views

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

8.8CVSS8.5AI score0.03983EPSS
Exploits1References3
Prion
Prion
added 2019/06/05 4:29 p.m.14 views

Design/Logic Flaw

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

6.8CVSS8.4AI score0.03983EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/06/05 3:40 p.m.25 views

CVE-2019-9673

Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI...

8.5AI score0.03983EPSS
Exploits1References3
CVE
CVE
added 2019/06/05 3:40 p.m.58 views

CVE-2019-9673

Freenet 1483 is affected by a MIME-type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. The root cause is improper MIME-type handling, enabling code execution without user interaction. NVD lists CVSS v2 base score 6.8 (Network, Medium complexity) and CVSS v3 base scor...

8.8CVSS8.4AI score0.03983EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/06/04 7:36 p.m.15 views

GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

7.3AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2019/06/04 7:36 p.m.27 views

NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...

1.9AI score
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.19 views

The vulnerability of the web interface of the Cisco Registered Envelope Service allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to the protected information.

The vulnerability of the Cisco Registered Envelope Service RES web interface lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain unauthorized access to protected informati...

5.4CVSS6.3AI score0.00893EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.4 views

Vulnerability of the software complex: Regional electronic budget. An integration platform related to insufficient protection of web page structures, allowing attackers to execute arbitrary JavaScript code in the user’s browser.

Vulnerability of the software complex: Regional electronic budget. The integration platform is associated with insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

7.5CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.3 views

The vulnerability of the Enterprise Resource Management System “Galaktika ERP” relates to insufficient protection of the website structure, allowing attackers to execute arbitrary JavaScript code in the browser of the connected client.

The vulnerability of the component that allows sending messages to connected users in the enterprise resource management system Galaktika ERP is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript...

5.4CVSS5.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/05/31 12:0 a.m.3 views

The vulnerability in the web interface of the Cisco Firepower Management Center’s management tool allows a perpetrator to execute arbitrary JavaScript code or gain unauthorized access to protected information.

The vulnerability of the Cisco Firepower Management Center’s web interface management interface relates to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code or gain unauthorized access to protect...

4.8CVSS6AI score0.0087EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/05/23 6:29 p.m.4 views

CVE-2017-11560

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...

5.4CVSS5.8AI score0.01388EPSS
Exploits1References3
0day.today
0day.today
added 2019/05/23 12:0 a.m.76 views

Microsoft Internet Explorer 11 - Sandbox Escape Exploit

Exploit for windows platform in category local exploits Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

7.2AI score
Exploits0
UbuntuCve
UbuntuCve
added 2019/05/22 12:29 a.m.28 views

CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

5.4CVSS6.5AI score0.01155EPSS
Exploits0References2
Prion
Prion
added 2019/05/22 12:29 a.m.18 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

3.5CVSS5.4AI score0.01155EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/05/22 12:29 a.m.16 views

Design/Logic Flaw

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...

3.5CVSS5.4AI score0.00817EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/05/22 12:29 a.m.1 views

DEBIAN-CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

5.4CVSS5AI score0.01155EPSS
Exploits0References1
OSV
OSV
added 2019/05/22 12:29 a.m.17 views

CVE-2019-10066

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...

5.4CVSS6.8AI score
Exploits0References1
Rows per page
Query Builder