Lucene search
K

5965 matches found

RedHat Linux
RedHat Linux
added 2019/02/12 2:46 a.m.3 views

chromium-browser: Insufficient policy enforcement

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events...

7.8CVSS7.4AI score0.00336EPSS
Exploits0References5
Prion
Prion
added 2019/02/06 4:29 p.m.24 views

Cross site scripting

An cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...

3.5CVSS4.9AI score0.0088EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2019/02/04 7:29 p.m.25 views

CVE-2019-7341

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorLinkedMonitors' parameter value in the view monitor monitor.php because proper filtration is omitted...

6.1CVSS5.9AI score0.00873EPSS
Exploits1References1
OSV
OSV
added 2019/02/04 7:29 p.m.23 views

CVE-2019-7343

Reflected - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitorMethod' parameter value in the view monitor monitor.php because proper filtration is omitted...

6.1CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2019/01/29 6:29 p.m.21 views

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8...

3.5CVSS4.9AI score0.0061EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/01/18 12:0 a.m.3 views

MailEnable cross-site scripting vulnerability (CNVD-2019-27601)

MailEnable is a suite of POP3 and SMTP mail servers from MailEnable Australia. A cross-site scripting vulnerability exists in MailEnable versions prior to 8.60. An attacker can exploit this vulnerability to execute JavaScript code by sending an email...

6.1CVSS6.5AI score0.01274EPSS
Exploits1References1
Hacker One
Hacker One
added 2019/01/12 11:1 a.m.33 views

Pornhub: XSS reflected on [https://www.youporn.com]

The researcher managed to obtain arbitrary javascript execution through reflected XSS on the Youtube World's RSS feed...

1.3AI score
Exploits0
Prion
Prion
added 2018/12/31 2:29 p.m.16 views

Remote code execution

Apache NetBeans incubating 9.0 NetBeans Proxy Auto-Configuration PAC interpretation is vulnerable for remote command execution RCE. Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent...

7.5CVSS9.7AI score0.07755EPSS
Exploits0References2Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/29 8:39 p.m.39 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

6.1CVSS6AI score0.01597EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2018/12/27 12:0 a.m.2 views

MetInfo Cross-Site Scripting Vulnerability (CNVD-2019-03299)

MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo versions 6.x to 6.1.3, which can be exploited by remote attackers to execute JavaScript code by sending the 'urlarray' paramete...

6.1CVSS6.6AI score0.00665EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/24 12:0 a.m.2 views

LimeSurvey cross-site scripting vulnerability (CNVD-2018-26471)

LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in LimeSurvey. A remote attacker can...

6.1CVSS6.5AI score0.01114EPSS
Exploits0References1
Veeam
Veeam
added 2018/12/24 12:0 a.m.12 views

Veeam Explorer for Microsoft Exchange Javascript Execution Vulnerability

Challenge The vulnerability allows execution of arbitrary code in emails containing inline Javascript. NOTE: This has been corrected in Veeam Backup for MIcrosoft Office 365 version 3 and Veeam Backup & Replication version U4a. Cause The affected component is Veeam Explorer for Microsoft Exchange...

7.1AI score
Exploits0
OSV
OSV
added 2018/12/21 11:29 p.m.16 views

CVE-2018-20322

LimeSurvey version 3.15.5 contains a Cross-site scripting XSS vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6...

6.1CVSS6.4AI score
Exploits0References2
CVE
CVE
added 2018/12/21 10:0 p.m.46 views

CVE-2018-20322

LimeSurvey 3.15.5 contains a cross-site scripting (XSS) vulnerability in the Survey Resource ZIP upload, allowing potentially executable JavaScript against LimeSurvey administrators. The issue is caused by insufficient input sanitization during ZIP upload of survey resources. The vulnerability is...

6.1CVSS6.3AI score0.01114EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/12/21 12:0 a.m.25 views

Foxit PhantomPDF < 7.3.13 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 7.3.13. It is, therefore, affected by multiple vulnerabilities: - Unauthorized javascript execution when disabled. - Arbitrary Write supporting remote code...

5.9AI score
Exploits0References1
OSV
OSV
added 2018/12/20 10:1 p.m.12 views

GHSA-J5RJ-G695-342R Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6.1AI score0.01687EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2018/12/20 10:1 p.m.37 views

Fat Free CRM vulnerable to Cross-site Scripting

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting XSS vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in Javascript execution. This attack appears to be exploitable via Content with Javascript payload will be executed...

6.1CVSS6AI score0.01687EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2018/12/20 5:29 p.m.13 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score0.0163EPSS
Exploits1References3
Prion
Prion
added 2018/12/20 5:29 p.m.13 views

Cross site scripting

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

4.3CVSS6.3AI score0.0163EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2018/12/20 5:29 p.m.16 views

CVE-2018-1000868

WeBid version up to current version 1.2.2 contains a Cross Site Scripting XSS vulnerability in userlogin.php, register.php that can result in Javascript execution in the user's browser, injection of malicious markup into the page. This attack appear to be exploitable via The victim user must clic...

6.1CVSS6.3AI score
Exploits0References3
Rows per page
Query Builder