5967 matches found

Positive Technologies
added 2019/05/01 12:0 a.m. · 7 views

PT-2019-11143 · Apache · Apache Uima Ducc

Name of the Vulnerable Software and Affected Versions: Apache UIMA DUCC versions 2.2.2 and earlier. Description: The issue arises from insufficient filtering of user-supplied inputs in the JavaScript code of Apache UIMA DUCC, potentially leading to the unintended execution of user-supplied...

6.1 CVSS · 6.3 AI score · 0.04885 EPSS
Exploits 0 · References 10

Hacker One
added 2019/04/22 12:51 p.m. · 24 views

ZEIT: Reflected DOM-Based XSS On Due Lack Filter On Parameter ?next

Summary: Hello, I found that the parameter next lacks filtering, allowing the attacker to exploit this vulnerability to redirect users to a malicious site + The attacker can exploit this bug to redirect the user to a malicious site + The attacker can execute JavaScript code in the user browser Becaus...

Exploits 0

Node.js
added 2019/04/17 7:11 p.m. · 23 views

Arbitrary JavaScript Execution

Overview: Versions of typed-function prior to 0.10.6 are vulnerable to Arbitrary JavaScript Execution. Function names are not properly sanitized and may allow an attacker to execute arbitrary code. Recommendation: Upgrade to version 0.10.6 or later. References: GitHub Commit, Snyk Report, GitHub...

6.8 CVSS · 5.4 AI score · 0.01884 EPSS
Exploits 0 · Affected Software 1

OSV
added 2019/04/12 8:42 p.m. · 2 views

GHSA-8P7V-2JVJ-V54R Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.3 CVSS · 6.5 AI score · 0.02767 EPSS
Exploits 0 · References 9

BDU FSTEC
added 2019/04/12 12:0 a.m. · 4 views

The vulnerability of Google Chrome browser, related to improper input data validation, allows a malicious actor to execute arbitrary JavaScript code.

The vulnerability of Google Chrome is related to errors in event handling by Apple. Exploiting this vulnerability can allow an attacker to execute JavaScript code...

7.8 CVSS · 7.6 AI score · 0.00336 EPSS
Exploits 0 · References 3 · Affected Software 2

OSV
added 2019/04/08 3:18 p.m. · 14 views

GHSA-GM29-35C7-8CFW Cross-Site Scripting in buttle

All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...

6.1 CVSS · 6 AI score · 0.01172 EPSS
Exploits 0 · References 6

NVD
added 2019/04/06 8:29 p.m. · 8 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

8.1 CVSS · 8 AI score · 0.01469 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2019/04/04 12:0 a.m. · 3 views

The vulnerability of the Expedition Migration tool, which exists due to the lack of measures taken to protect the website structure, allows a hacker to execute arbitrary JavaScript or HTML code.

The vulnerability of the Network Configuration Transfer tool exists because no measures have been taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript or HTML code remotely...

4.8 CVSS · 6 AI score · 0.01083 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2019/04/01 9:30 p.m. · 4 views

CVE-2019-5514

VMware Fusion 11.x before 11.0.3 contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware...

8.8 CVSS · 7.4 AI score · 0.03484 EPSS
Exploits 0 · References 3

Carbon Black Blog
added 2019/04/01 3:23 p.m. · 137 views

CB TAU Threat Intelligence Notification – Recent Emotet Campaign Leverages Phishing, PDFs & Droppers Impersonating Legitimate Applications

This past week, CB ThreatSight analysts were investigating suspicious events in an environment. This customer had installed the CB Defense sensor on a subset of systems in monitor only mode for evaluation. While investigating suspicious events, a CB ThreatSight analyst uncovered a new Emotet...

0.7 AI score
Exploits 0

CNVD
added 2019/04/01 12:0 a.m. · 2 views

Apache JSPWiki Cross-Site Scripting Vulnerability

Apache JSPWiki is an open source WikiWiki engine from the Apache Software Foundation (U.S.), built on Java, Servlet and JSP. A security vulnerability exists in Apache JSPWiki versions 2.9.0 through 2.11.0.M2. The vulnerability can be exploited by an attacker to execute JavaScript code...

6.1 CVSS · 7.2 AI score · 0.0515 EPSS
Exploits 0 · References 1

OSV
added 2019/03/30 3:29 a.m. · 12 views

CVE-2019-10646

Wolf CMS v0.8.3.1 is affected by cross-site scripting (XSS) in the module Add Snippet /?/admin/snippet/add. This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 1

Cvelist
added 2019/03/29 2:6 p.m. · 28 views

CVE-2019-9919

An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when the message is opened, aka XSS...

5.4 CVSS · 5.5 AI score · 0.00678 EPSS
Exploits 0 · References 2

Positive Technologies
added 2019/03/29 12:0 a.m. · 7 views

PT-2019-19935 · Joomla · Harmis Je Messenger

Name of the Vulnerable Software and Affected Versions: Harmis JE Messenger component version 1.2.2. Description: An issue was discovered in the Harmis JE Messenger component for Joomla!. It is possible to craft messages in a way that JavaScript gets executed on the side of the receiving user when...

5.4 CVSS · 5.5 AI score · 0.00678 EPSS
Exploits 0 · References 3

UbuntuCve
added 2019/03/28 9:29 p.m. · 21 views

CVE-2019-0224

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser...

6.1 CVSS · 6.5 AI score · 0.0515 EPSS
Exploits 0 · References 1

CVE
added 2019/03/28 9:0 p.m. · 86 views

CVE-2019-0224

CVE-2019-0224 affects Apache JSPWiki versions 2.9.0 to 2.11.0.M2. The vulnerability allows a crafted URL to execute JavaScript in the user’s own browser session. The provided sources describe the impact as client-side (no server/database writes and no cross-user script execution stated). The exac...

6.1 CVSS · 6.2 AI score · 0.0515 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2019/03/26 11:29 p.m. · 5 views

CVE-2019-1571

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...

4.8 CVSS · 5.9 AI score · 0.01083 EPSS
Exploits 1 · References 3

CNVD
added 2019/03/25 12:0 a.m. · 2 views

WordPress Donation Plugin and Fundraising Platform Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress Donation Plug...

6.1 CVSS · 6.3 AI score · 0.0142 EPSS
Exploits 1 · References 1

CNVD
added 2019/03/25 12:0 a.m. · 3 views

WordPress font-organizer plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports personal blog sites on servers running PHP and MySQL. WordPress Donation Plugin and Fundraising Platform is a plugin.... A cross-site scripting vulnerability exists in the WordPress font-organize...

6.1 CVSS · 6.3 AI score · 0.0142 EPSS
Exploits 1 · References 1

CNVD
added 2019/03/25 12:0 a.m. · 3 views

PHP League CommonMark library cross-site scripting vulnerability

PHP League CommonMark library is a PHP-based Markdown parser from the Extraordinary Packages consortium. A cross-site scripting vulnerability exists in PHP League CommonMark library versions prior to 0.18.3, which stems from the program failing to properly escape double-encoded HTML entities. A...

6.1 CVSS · 6.5 AI score · 0.0105 EPSS
Exploits 1 · References 1