Lucene search
K

5964 matches found

BDU FSTEC
BDU FSTEC
added 2018/02/21 12:0 a.m.5 views

The vulnerability in the Kaspersky Security Center 10 web console allows a malicious individual to gain access to the software’s functions and execute arbitrary JavaScript code on the client side.

The vulnerability in Kaspersky Security Center 10 exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability can allow a malicious actor to gain access to software functions and execute arbitrary JavaScript code on the client side using a specially...

6.4CVSS5.9AI score
Exploits0References3
Prion
Prion
added 2018/02/20 3:29 p.m.17 views

Cross site scripting

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

4.3CVSS6AI score0.02227EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2018/02/20 3:29 p.m.26 views

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

6.1CVSS6.1AI score0.02227EPSS
Exploits5References2
Cvelist
Cvelist
added 2018/02/20 3:0 p.m.29 views

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

6AI score0.02227EPSS
Exploits5References2
Packet Storm
Packet Storm
added 2018/02/16 12:0 a.m.52 views

F-Secure Radar Cross Site Scripting

F-Secure Radar Persistent Cross-Site Scripting Vulnerability CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description...

6.6AI score0.00949EPSS
Exploits1
OSV
OSV
added 2018/02/09 11:29 p.m.2 views

UBUNTU-CVE-2017-1000509

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...

5.4CVSS6.2AI score0.00921EPSS
Exploits1References3
CVE
CVE
added 2018/02/09 11:0 p.m.54 views

CVE-2017-1000507

Canvs Canvas 3.4.2 is affected by a Cross Site Scripting (XSS) vulnerability in User’s details. The provided connected documents identify the issue but do not specify root cause details, affected subcomponents beyond the User’s details, exploit status, or a confirmed patch version. Potential impa...

5.4CVSS5.5AI score0.00785EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/02/09 5:29 p.m.3 views

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437...

6.1CVSS5.4AI score0.01098EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2018/02/01 12:0 a.m.7 views

The vulnerability of the CDVInAppBrowser class in Cordova In-App-Browser extensions allows a hacker to elevate their privileges and execute arbitrary JavaScript code.

The vulnerability of the CDVInAppBrowser extension in Cordova In-App-Browsers is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and enhance their privileges through specially crafted URIs...

9.8CVSS5.9AI score0.08128EPSS
Exploits1References9Affected Software2
NVD
NVD
added 2018/01/26 8:29 p.m.13 views

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

6.1CVSS6.5AI score0.0122EPSS
Exploits2References1
OSV
OSV
added 2018/01/26 8:29 p.m.12 views

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

6.1CVSS6.5AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2018/01/26 12:0 a.m.7 views

PT-2018-5678 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...

6.1CVSS7.3AI score0.0122EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2018/01/26 12:0 a.m.8 views

PT-2018-5948 · Ibm · Ibm Doors Web Access

Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

5.4CVSS6.4AI score0.0096EPSS
Exploits0References5
CNVD
CNVD
added 2018/01/23 12:0 a.m.2 views

WordPress Soundy Audio Playlist Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Soundy Audio Playlist plugin is an audio playlist component used in ... A cross-site scripting vulnerability exists in WordPress Soun...

6.1CVSS6.5AI score0.00795EPSS
Exploits1References1
OSV
OSV
added 2018/01/19 7:29 p.m.1 views

UBUNTU-CVE-2017-12098

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

6.1CVSS5.6AI score0.01279EPSS
Exploits3References5
Prion
Prion
added 2018/01/19 7:29 p.m.21 views

Cross site scripting

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

4.3CVSS5.9AI score0.01279EPSS
Exploits3References2Affected Software1
CNVD
CNVD
added 2018/01/11 12:0 a.m.3 views

Sulu-standard cross-site scripting vulnerability

Sulu-standard is an open source CMS Content Management System based on the Symfony PHP framework of the standard version . A cross-site scripting vulnerability exists in the page used to create pages in Sulu-standard version 1.6.6. A remote attacker could exploit this vulnerability to cause a...

5.4CVSS6.5AI score0.00758EPSS
Exploits0References1
Prion
Prion
added 2018/01/09 10:29 p.m.16 views

Cross site scripting

Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...

3.5CVSS5.4AI score0.00758EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2018/01/09 5:50 a.m.27 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS1.2AI score0.00559EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/01/08 4:49 a.m.4 views

Mozilla: JavaScript Execution via RSS in mailbox:// origin

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

8.8CVSS7.5AI score0.02008EPSS
Exploits0References5
Rows per page
Query Builder