Lucene search
K

5964 matches found

Veracode
Veracode
added 2018/01/05 8:28 a.m.16 views

Cross-site Scripting (XSS)

Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...

6.1CVSS6.2AI score0.04471EPSS
Exploits1References7Affected Software2
CNVD
CNVD
added 2018/01/05 12:0 a.m.2 views

LavaLite Cross-Site Scripting Vulnerability

LavaLite is an open source lightweight CMS content management system. A cross-site scripting vulnerability exists in the log creation page in LavaLite version 5.2.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScrpt code...

5.4CVSS6.5AI score0.00734EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/04 12:0 a.m.3 views

BookStack Cross-Site Scripting Vulnerability

BookStack is a set of open source using PHP and Laravel to build wiki documentation platform. A cross-site scripting vulnerability exists in BookStack version 0.18.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

5.4CVSS6.5AI score0.00755EPSS
Exploits1References1
Prion
Prion
added 2018/01/03 6:29 p.m.22 views

Information disclosure

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...

5.8CVSS6.1AI score0.0068EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/01/03 6:29 p.m.36 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS5.6AI score0.00559EPSS
Exploits0References1
PyPA
PyPA
added 2018/01/03 6:29 p.m.6 views

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS6.8AI score0.00559EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/01/03 6:29 p.m.24 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS5.7AI score
Exploits0References1
OSV
OSV
added 2018/01/03 6:29 p.m.33 views

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...

5.4CVSS1.2AI score0.00559EPSS
Exploits0References2
CVE
CVE
added 2018/01/03 6:0 p.m.48 views

CVE-2017-1000478

ELabftw 1.7.8 is vulnerable to a stored cross-site scripting (XSS) flaw in the experiment infos component. The issue arises from unsanitized input stored and executed in the browser, enabling arbitrary JavaScript execution and denial of service. No remediation or patch details are provided in the...

5.4CVSS5.5AI score0.00771EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/01/03 12:0 a.m.2 views

Invoice Ninja Cross-Site Scripting Vulnerability

Invoice Ninja is an open source financial system. The system is able to provide invoicing, collection and other functions. A cross-site scripting vulnerability exists in the invoice creation page in Invoice Ninja version 3.8.1. A remote attacker can exploit this vulnerability to cause a denial of...

5.4CVSS6.4AI score0.0079EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/03 12:0 a.m.4 views

Leafpub Cross-Site Scripting Vulnerability

Leafpub is an open source PHP and MySQL based code publishing tool . A cross-site scripting vulnerability exists in Leafpub version 1.2.0-beta6. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

5.4CVSS6.6AI score0.00719EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/01/02 9:20 a.m.28 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

8.8CVSS3.9AI score0.02008EPSS
Exploits1References2
OSV
OSV
added 2017/12/31 12:10 a.m.10 views

MGASA-2017-0477 Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

8.8CVSS7AI score0.02184EPSS
Exploits1References3
Mageia
Mageia
added 2017/12/31 12:10 a.m.70 views

Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

8.8CVSS7AI score0.02184EPSS
Exploits1References2
OSV
OSV
added 2017/12/29 12:0 a.m.4 views

UBUNTU-CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

8.8CVSS7.3AI score0.02008EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/12/28 12:0 a.m.29 views

Debian DLA-1223-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.2-1deb7u1. We recommend that you upgrade your thunderbi...

8.8CVSS6.9AI score0.02008EPSS
Exploits1References6
Debian
Debian
added 2017/12/27 5:5 p.m.27 views

[SECURITY] [DLA 1223-1] thunderbird security update

Package : thunderbird Version : 1:52.5.2-1deb7u1 CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7...

8.8CVSS6.8AI score0.02008EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/12/26 12:0 a.m.35 views

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1419)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities : - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

8.8CVSS7AI score0.02008EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2017/12/26 12:0 a.m.33 views

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

9.3CVSS6.7AI score0.03215EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2017/12/26 12:0 a.m.74 views

Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

8.8CVSS6.6AI score0.02008EPSS
Exploits1References2
Rows per page
Query Builder