
5966 matches found

OSV
added 2019/05/22 12:29 a.m. · 1 view

DEBIAN-CVE-2019-10067

An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the contex...

CVSS 5.4 · AI score 5 · EPSS 0.01155
Exploits 0 · References 1
exploitpack
added 2019/05/22 12:0 a.m. · 18 views

Microsoft Internet Explorer 11 - Sandbox Escape

Microsoft Internet Explorer 11 - Sandbox Escape Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

Exploits 0
Exploit DB
added 2019/05/22 12:0 a.m. · 75 views

Microsoft Internet Explorer 11 - Sandbox Escape

Inject into IE11. Will work on other sandboxes that allow the opening of windows filepickers through a broker. You will gain medium IL javascript execution, at which point you simply retrigger your IE RCE bug. EDB Note Download:...

AI score 7.4
Exploits 0
CVE
added 2019/05/21 11:23 p.m. · 71 views

CVE-2019-10066

Open Ticket Request System (OTRS) 7.x up to 7.0.6, Community Edition 6.0.x up to 6.0.17, and OTRSAppointmentCalendar 5.0.x up to 5.0.12 are affected by CVE-2019-10066. The issue allows an attacker who is logged in as an OTRS agent with appropriate permissions to craft a calendar appointment that ...

CVSS 5.4 · AI score 5.4 · EPSS 0.00817
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2019/05/21 12:0 a.m. · 6 views

PT-2019-11414 · Otrs +2 · Otrs +2

Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.x through 7.0.6 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.35 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.17 Description: An issue w...

CVSS 9 · AI score 6 · EPSS 0.19901
Exploits 11 · References 98
Symantec
added 2019/05/14 12:0 a.m. · 54 views

Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability

Description Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

AI score 6.1 · EPSS 0.01585
Exploits 0 · References 1 · Affected Software 1
NVD
added 2019/05/13 1:29 p.m. · 21 views

CVE-2018-12303

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVSS 5.4 · AI score 5.5 · EPSS 0.00649
Exploits 1 · References 1
OSV
added 2019/05/13 1:29 p.m. · 4 views

CVE-2018-12297

Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...

CVSS 6.1 · AI score 5.8 · EPSS 0.00692
Exploits 1 · References 1
Prion
added 2019/05/13 1:29 p.m. · 19 views

Cross site scripting

Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter...

CVSS 4.3 · AI score 6.2 · EPSS 0.0526
Exploits 1 · References 1 · Affected Software 1
Prion
added 2019/05/13 1:29 p.m. · 16 views

Cross site scripting

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

CVSS 3.5 · AI score 5.6 · EPSS 0.00649
Exploits 1 · References 1 · Affected Software 1
Prion
added 2019/05/13 1:29 p.m. · 17 views

Cross site scripting

Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL...

CVSS 4.3 · AI score 6.2 · EPSS 0.00826
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2019/05/13 12:39 p.m. · 28 views

CVE-2018-12303

Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names...

AI score 5.6 · EPSS 0.00649
Exploits 1 · References 1
CVE
added 2019/05/13 12:35 p.m. · 43 views

CVE-2018-12299

CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...

CVSS 5.4 · AI score 5.5 · EPSS 0.00649
Exploits 1 · References 1 · Affected Software 1
CVE
added 2019/05/13 12:33 p.m. · 49 views

CVE-2018-12297

CVE-2018-12297 affects Seagate NAS OS 4.3.15.1 with XSS in API error pages via URL path names. Root cause cited as insufficient validation of client data by the WEB application; impact is client-side script execution. Exploitation details/works are not provided in the documents; no remediation/ve...

CVSS 6.1 · AI score 6.2 · EPSS 0.00692
Exploits 1 · References 1 · Affected Software 1
NVD
added 2019/05/08 4:29 p.m. · 17 views

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

CVSS 6.1 · AI score 6 · EPSS 0.00765
Exploits 1 · References 2
Node.js
added 2019/05/07 7:38 p.m. · 18 views

Cross-Site Scripting

Overview: All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an...

AI score 7.3
Exploits 0 · Affected Software 1
Prion
added 2019/05/06 7:29 p.m. · 17 views

Cross site scripting

An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...

CVSS 4.3 · AI score 6.2 · EPSS 0.05233
Exploits 3 · References 4 · Affected Software 1
Cvelist
added 2019/05/06 6:6 p.m. · 34 views

CVE-2018-4065

An exploitable cross-site scripting vulnerability exists in the ACEManager pingresult.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the...

AI score 6.1 · EPSS 0.05233
Exploits 3 · References 4
OSV
added 2019/05/01 9:29 p.m. · 2 views

UBUNTU-CVE-2018-8035

This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC <= 2.2.2 which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code...

CVSS 6.1 · AI score 6.5 · EPSS 0.04885
Exploits 0 · References 3
Positive Technologies
added 2019/05/01 12:0 a.m. · 7 views

PT-2019-11143 · Apache · Apache Uima Ducc

Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC versions 2.2.2 and earlier Description: The issue arises from insufficient filtering of user-supplied inputs in the javascript code of Apache UIMA DUCC, potentially leading to the unintended execution of user-supplied...

CVSS 6.1 · AI score 6.3 · EPSS 0.04885
Exploits 0 · References 10