
5968 matches found

OSV
added 2018/10/09 10:29 p.m. | 6 views

CVE-2018-7633

Code injection in the /ui/login form Language parameter in Epicentro E7.3.2+ allows attackers to execute JavaScript code by making a user issue a manipulated POST request...

CVSS 9.8 | AI score 6 | EPSS 0.01343
Exploits: 1 | References: 1

OSV
added 2018/10/02 3:29 p.m. | 3 views

CVE-2018-1558

IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVSS 5.4 | AI score 5.4 | EPSS 0.0066
Exploits: 0 | References: 2

OSV
added 2018/09/28 8:29 p.m. | 4 views

CVE-2018-9078

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...

CVSS 8.8 | AI score 5.9 | EPSS 0.01039
Exploits: 0 | References: 1

OSV
added 2018/09/24 11:29 p.m. | 3 views

CVE-2018-10497

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email (fixed in version 5.0.02.16). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 7.8 | AI score 6.1 | EPSS 0.00322
Exploits: 0 | References: 1

Cvelist
added 2018/09/24 11:0 p.m. | 26 views

CVE-2018-10499

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps (fixed in version 6.4.0.15). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

AI score 7 | EPSS 0.00321
Exploits: 0 | References: 1

exploitpack
added 2018/09/24 12:0 a.m. | 23 views

MyBB Visual Editor 1.8.18 - Cross-Site Scripting

MyBB Visual Editor 1.8.18 - Cross-Site Scripting Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE:...

CVSS 3.5 | AI score 0.2 | EPSS 0.74752
Exploits: 5

CNVD
added 2018/09/07 12:0 a.m. | 3 views

BTITeam XBTIT cross-site scripting vulnerability (CNVD-2018-19430)

BTITeam XBTIT is an open source bittorrent tracking system. A cross-site scripting vulnerability exists in BTITeam XBTIT. Attackers can use the 'String.replace' function and 'eval' function to exploit the vulnerability to bypass the includes/crkprotection.php script of the anti-cross-site scripti...

CVSS 5.3 | AI score 5.5 | EPSS 0.00932
Exploits: 1 | References: 1

Node.js
added 2018/08/30 3:53 a.m. | 18 views

NoSQL Injection

Overview Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

AI score 7.1
Exploits: 0 | Affected Software: 1

CNVD
added 2018/08/22 12:0 a.m. | 2 views

OWASP AntiSamy Cross-Site Scripting Vulnerability (CNVD-2018-16313)

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A cross-site scripting vulnerability exists in the 'AntiSamy.scan' function in OWASP AntiSamy 1.5.7 and earlier versions, which stems from the program failing to filter HTML/HTML5 elements. A remot...

AI score 6.4
Exploits: 0 | References: 1

BDU FSTEC
added 2018/08/21 12:0 a.m. | 7 views

A vulnerability in the firmware of the 4G LTE Light Industrial M2M Router (NWL-25) arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary JavaScript code in the user’s browser.

The vulnerability in the firmware of the 4G LTE Light Industrial M2M Router NWL-25 is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

CVSS 7.5 | AI score 5.9 | EPSS 0.00977
Exploits: 0 | References: 3 | Affected Software: 1

Hacker One
added 2018/08/17 11:25 a.m. | 40 views

Starbucks: Reflected DOM XSS on www.starbucks.co.uk

Summary: www.starbucks.co.uk is vulnerable to reflected DOM XSS due to 2 seemingly unexploitable issues. The first issue is unfixed for over a year now, 252908, the second issue originates in a 3rd party module called prettyPhoto. Description: Visiting the following link results in a JavaScript...

AI score 1.5
Exploits: 0

CNVD
added 2018/08/09 12:0 a.m. | 3 views

Apache TomEE console cross-site scripting vulnerability

Apache TomEE is a Java EE server from the Apache Software Foundation in the United States. The Apache TomEE console (tomee-webapp) is one of its console programs. A cross-site scripting vulnerability exists in Apache TomEE console tomee-webapp. A remote attacker can exploit this vulnerability to execute...

CVSS 6.1 | AI score 6.1 | EPSS 0.02003
Exploits: 0 | References: 1

CNVD
added 2018/08/08 12:0 a.m. | 4 views

CloudBees Jenkins Shelve Project Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees, mainly used to monitor continuous software release/testing projects and a number of scheduled tasks. Shelve Project Plugin is used in one of the project...

CVSS 5.4 | AI score 5.3 | EPSS 0.00719
Exploits: 0 | References: 1

RedhatCVE
added 2018/07/30 3:49 a.m. | 30 views

CVE-2018-1999007

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in...

CVSS 5.4 | AI score 2.1 | EPSS 0.00894
Exploits: 0 | References: 2

Hacker One
added 2018/07/30 3:35 a.m. | 21 views

Eobot: XSS on link in eobot account page

There is a XSS flaw in the account profile page https://eobot.com/user/userid which can execute javascript when a victim clicks one of the social media links listed in the personal information section of the web page. After some research I found that when a user inputs a twitter link into their...

AI score 0.6
Exploits: 0

NVD
added 2018/07/23 10:29 p.m. | 32 views

CVE-2018-8031

The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...

CVSS 6.1 | AI score 5.9 | EPSS 0.02003
Exploits: 0 | References: 1

OSV
added 2018/07/23 10:29 p.m. | 21 views

CVE-2018-8031

The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 1

CVE
added 2018/07/23 10:0 p.m. | 96 views

CVE-2018-8031

CVE-2018-8031 describes a Cross-site Scripting (XSS) vulnerability in the Apache TomEE console (tomee-webapp). The issue could allow arbitrary JavaScript execution when a user visits a malicious URL. TomEE bundles without this application or after setup, the UI can be removed to mitigate exposure...

CVSS 6.1 | AI score 5.8 | EPSS 0.02003
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/07/23 10:0 p.m. | 31 views

CVE-2018-8031

The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...

AI score 5.9 | EPSS 0.02003
Exploits: 0 | References: 1

Symantec
added 2018/07/10 12:0 a.m. | 44 views

Microsoft Web Customization for ADFS CVE-2018-8326 Cross Site Scripting Vulnerability

Description Microsoft Web Customization for ADFS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

AI score 6.3 | EPSS 0.02368
Exploits: 0