Lucene search
K

5963 matches found

OSV
OSV
added 2017/08/21 7:29 a.m.17 views

CVE-2017-12979

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...

6.1CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2017/08/21 7:0 a.m.28 views

CVE-2017-12979

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...

6.4AI score0.01372EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/08/21 7:0 a.m.27 views

CVE-2017-12980

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...

6.3AI score0.01372EPSS
Exploits1References1
CVE
CVE
added 2017/08/21 7:0 a.m.59 views

CVE-2017-12979

DokuWiki (until 2017-02-19c) is affected by CVE-2017-12979 due to stored XSS in /inc/parser/xhtml.php when rendering a malicious language name inside a code element. Exploitation requires an attacker to create or edit a wiki page to trigger JavaScript execution. The issue is a server-side renderi...

6.1CVSS6.4AI score0.01372EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2017/08/21 7:0 a.m.18 views

CVE-2017-12979

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...

6.1CVSS6.4AI score0.01372EPSS
Exploits1
Debian CVE
Debian CVE
added 2017/08/21 7:0 a.m.20 views

CVE-2017-12980

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...

6.1CVSS6.3AI score0.01372EPSS
Exploits1
CNVD
CNVD
added 2017/08/11 12:0 a.m.4 views

IBM InfoSphere Streams Cross-Site Scripting Vulnerability

IBM InfoSphere Streams is a suite of data analytics platforms from IBM in the United States. The platform enables user-developed applications to quickly access, analyze and correlate information from multiple real-time sources. A cross-site scripting vulnerability exists in IBM InfoSphere Streams...

5.4CVSS6.5AI score0.00931EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/01 12:0 a.m.2 views

Wordpress Vospari Forms plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . wordpress Vospari Forms is one of the registration form plugin . form submission is one of the form submission...

6.1CVSS5.9AI score0.02145EPSS
Exploits1References1
OSV
OSV
added 2017/07/31 11:29 p.m.4 views

CVE-2017-11727

services/systemio/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution involving a ContactCommon field on victims who click on a crafted link, aka XSS...

6.1CVSS6.2AI score0.01064EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/28 12:0 a.m.4 views

Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2017-18573)

RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail version 1.1.5. A remote attacker can exploit this vulnerability to execute JavaScript...

6.5AI score
Exploits0References1
OSV
OSV
added 2017/07/17 1:18 p.m.4 views

CVE-2017-1000033

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

6.1CVSS5.7AI score0.02145EPSS
Exploits1References2
NVD
NVD
added 2017/07/17 1:18 p.m.18 views

CVE-2017-1000033

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

6.1CVSS6.3AI score0.02145EPSS
Exploits1References2
OSV
OSV
added 2017/07/17 1:18 p.m.4 views

CVE-2017-1000038

WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site...

6.1CVSS5.7AI score0.0106EPSS
Exploits1References1
Prion
Prion
added 2017/07/17 1:18 p.m.16 views

Cross site scripting

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

4.3CVSS6.3AI score0.02145EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2017/07/13 8:0 p.m.24 views

CVE-2017-1000033

Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...

6.3AI score0.02145EPSS
Exploits1References2
Symantec
Symantec
added 2017/07/11 12:0 a.m.38 views

Microsoft SharePoint Server CVE-2017-8569 Remote Privilege Escalation Vulnerability

Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...

6.5CVSS0.2AI score0.05377EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/06/27 12:0 a.m.3 views

A vulnerability in the web console of the Antivirus Casper 8.0 anti-virus software allows for the transfer of JavaScript code executed by the client browser.

The vulnerability of the Antivirus Kaspersky 8.0 web console for Linux File Servers relates to the execution of scripts across sites. Exploiting this vulnerability allows a malicious actor to inject JavaScript code through a specially crafted GET request, with the JavaScript code specified in the...

4.3CVSS5.8AI score
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2017/06/25 3:46 p.m.23 views

Mail.ru: XSS bypass Script execute,Read any file,execute any javascript code--UXSS

Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however,Cannot execute javascript. for example alert/xss/ These statements can not be executed in the html attachments...LOL However, the addition ...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/06/22 12:0 a.m.6 views

Rapid7 Metasploit Editions Cross-Site Scripting Vulnerability

Rapid7 Metasploit is an open source security vulnerability detection tool from Rapid7, Inc. Metasploit Express, Community and Pro are different versions. A cross-site request forgery vulnerability exists in Rapid7 Metasploit Express, Community, and Pro, which stems from the program failing to...

3.5CVSS6.8AI score0.00716EPSS
Exploits1References1
Hacker One
Hacker One
added 2017/06/19 3:6 p.m.30 views

Gratipay: CSP Policy Bypass and javascript execution Still Not Fixed

Summary Content Security Policy CSP is a computer security standard introduced to prevent cross-site scripting XSS, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to...

0.2AI score
Exploits0
Rows per page
Query Builder