5964 matches found

NVD
added 2018/11/15 6:29 a.m. | 17 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

CVSS 6.1 | AI score 6.3 | EPSS 0.01228
Exploits: 1 | References: 1

OSV
added 2018/11/15 6:29 a.m. | 14 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 1

Cvelist
added 2018/11/15 6:00 a.m. | 22 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

AI score 6.2 | EPSS 0.01228
Exploits: 1 | References: 1

CVE
added 2018/11/15 6:00 a.m. | 55 views

CVE-2018-19289

Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...

CVSS 6.1 | AI score 6.2 | EPSS 0.01228
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/11/13 8:29 p.m. | 21 views

Information disclosure

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

CVSS 6.4 | AI score 7.5 | EPSS 0.01178
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/11/13 8:29 p.m. | 4 views

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

CVSS 7.7 | AI score 5.9 | EPSS 0.01178
Exploits: 0 | References: 3

CVE
added 2018/11/13 8:00 p.m. | 43 views

CVE-2018-2485

The CVE-2018-2485 entry relates to SAP Fiori Client where a malicious app can cause the SAP Fiori app to execute JavaScript, enabling reading/writing information and invoking device JS APIs. Connected documents indicate SAP Fiori Client version 1.11.5 in Google Play addresses these issues, and us...

CVSS 7.7 | AI score 7.5 | EPSS 0.01178
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/11/13 8:00 p.m. | 26 views

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

AI score 7.6 | EPSS 0.01178
Exploits: 0 | References: 3

CVE
added 2018/11/06 7:00 p.m. | 57 views

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

CVSS 6.1 | AI score 6.3 | EPSS 0.00765
Exploits: 1 | References: 1 | Affected Software: 1

RubySec
added 2018/10/27 12:00 a.m. | 18 views

fat_free_crm gem XSS vulnerability via query parameter

FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable via Content with Javascript payload will be executed on e...

CVSS 6.1 | AI score 4.6 | EPSS 0.01687
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2018/10/23 12:00 a.m. | 2 views

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2019-01909)

F5 BIG-IP is an all-in-one network device from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the Configuration utility page in F5 BIG-IP versions 13.0.0-13.1.1.1 and...

CVSS 6.1 | AI score 6.2 | EPSS 0.00932
Exploits: 0 | References: 1

CNVD
added 2018/10/23 12:00 a.m. | 3 views

Advantech WebAccess Cross-Site Scripting Vulnerability (CNVD-2018-21798)

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A cross-site scripting vulnerability exists in Advantech...

CVSS 6.1 | AI score 6 | EPSS 0.0088
Exploits: 1 | References: 1

CNVD
added 2018/10/11 12:00 a.m. | 4 views

ADB Epicentro Code Injection Vulnerability

ADB Epicentro is a set of firmware used in ADB gateway and router devices from ADB Switzerland. A code injection vulnerability exists in the 'form Language' parameter of the /ui/login page in ADB Epicentro version E7.3.2+, which can be exploited to execute JavaScript code by tricking a user into...

CVSS 9.8 | AI score 9.6 | EPSS 0.01343
Exploits: 1 | References: 1

GitHub Security Blog
added 2018/10/10 5:27 p.m. | 20 views

Cross-Site Scripting in public

Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: Upgrade to version 0.1.4 or later...

CVSS 6.1 | AI score 4.7 | EPSS 0.00759
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2018/10/10 5:27 p.m. | 12 views

GHSA-8P5P-FF7X-HW7Q Cross-Site Scripting in public

Versions of public prior to 0.1.4 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: Upgrade to version 0.1.4 or later...

CVSS 6.1 | AI score 6.1 | EPSS 0.00759
Exploits: 1 | References: 5

NVD
added 2018/10/09 10:29 p.m. | 19 views

CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...

CVSS 9.8 | AI score 9.7 | EPSS 0.01343
Exploits: 1 | References: 1

OSV
added 2018/10/09 10:29 p.m. | 6 views

CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...

CVSS 9.8 | AI score 6 | EPSS 0.01343
Exploits: 1 | References: 1

OSV
added 2018/10/02 3:29 p.m. | 3 views

CVE-2018-1558

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066
Exploits: 0 | References: 2

OSV
added 2018/09/28 8:29 p.m. | 4 views

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

CVSS 8.8 | AI score 5.9 | EPSS 0.01039
Exploits: 0 | References: 1

OSV
added 2018/09/24 11:29 p.m. | 3 views

CVE-2018-10497

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 7.8 | AI score 6.1 | EPSS 0.00322
Exploits: 0 | References: 1