Lucene search
K

37 matches found

CNNVD
CNNVD
added 2022/11/09 12:0 a.m.5 views

FeehiCMS 跨站脚本漏洞

FeehiCMS is a Php-based CMS website builder for individual developers. feehiCMS version v2.1.1 has a security vulnerability that originates from an id parameter on /web/admin/index.php?r=log/view-layer found to contain a reflective cross-site scripting XSS vulnerability. No detailed vulnerability...

6.1CVSS6AI score0.00406EPSS
Exploits1References2
OSV
OSV
added 2022/03/10 5:42 p.m.5 views

CVE-2021-32005

Cross-site Scripting XSS vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions...

5.4CVSS5.8AI score0.0057EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.5 views

MartDevelopers Iresturant 跨站脚本漏洞

MartDevelopers Iresturant is an open source lightweight restaurant Erp from MartDevelopers Kenya, designed to integrate social restaurant operations into a single system. A cross-site scripting vulnerability exists in MartDevelopers Iresturant because the product does not effectively filter...

5.4CVSS6.3AI score0.00593EPSS
Exploits0References3
Veracode
Veracode
added 2021/09/30 5:58 a.m.31 views

Log Injection

ZoneMinder is vulnerable to log Injectio. An attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...

6.5CVSS4.2AI score0.01163EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2021/09/30 5:56 a.m.18 views

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to cross site scripting XSS. An attacker is able to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value...

6.1CVSS0.8AI score0.00873EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/05/13 5:15 p.m.2 views

CVE-2019-2388

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5...

5.3CVSS6.1AI score0.00999EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/29 12:0 a.m.1 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43412)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fax/faxlogview.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the faxuuid parameter...

6.1CVSS6AI score0.00866EPSS
Exploits1References1
OSV
OSV
added 2019/02/04 7:29 p.m.3 views

DEBIAN-CVE-2019-7351

Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...

6.5CVSS7.6AI score0.01163EPSS
Exploits1References1
NVD
NVD
added 2019/02/04 7:29 p.m.23 views

CVE-2019-7339

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...

6.1CVSS5.9AI score0.00874EPSS
Exploits1References1
OSV
OSV
added 2019/02/04 7:29 p.m.3 views

DEBIAN-CVE-2019-7339

POST - Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log log.php because proper filtration is omitted...

6.1CVSS8.2AI score0.00874EPSS
Exploits1References1
OSV
OSV
added 2019/01/15 12:29 a.m.2 views

CVE-2019-6267

The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI...

6.1CVSS6.3AI score0.01365EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2015/04/16 1:52 p.m.5 views

dashboard: log file arbitrary file retrieval

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...

4CVSS5.8AI score0.01676EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/11 8:16 p.m.6 views

Satellite: Spacewalk contains XSS in log file view

A stored cross-site scripting XSS flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that...

4.3CVSS5.6AI score0.01759EPSS
Exploits0References4
NVD
NVD
added 2014/04/05 4:1 a.m.21 views

CVE-2014-0337

Cross-site scripting XSS vulnerability in the web interface on Huawei Echo Life HG8247 routers with software before V100R006C00SPC127 allows remote attackers to inject arbitrary web script or HTML via an invalid TELNET connection attempt with a crafted username that is not properly handled during...

4.3CVSS5.6AI score0.00821EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2011/03/16 12:0 a.m.20 views

Fedora 14 : cgit-0.9-1.fc14 (2011-2803)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

5CVSS5.5AI score0.03746EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2011/03/16 12:0 a.m.21 views

Fedora 15 : cgit-0.9-1.fc15 (2011-2790)

In addition to closing a DOS vulnerability thanks to Jim Meyering, this upstream feature release adds the following enhancements : - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

5CVSS5.5AI score0.03746EPSS
Exploits1References4
securityvulns
securityvulns
added 2003/08/10 12:0 a.m.26 views

iPlanet Administration Server directory traversal

Directory traversal during log view with 2f...

3.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder