Lucene search
K

178 matches found

Github Security Blog
Github Security Blog
added 2025/01/16 5:32 p.m.20 views

LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

5.4CVSS4.7AI score0.30854EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/16 5:18 p.m.22 views

LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Display Name 2 Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.11.0 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user view...

5.4CVSS4.8AI score0.00372EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/01/13 11:33 p.m.17 views

CVE-2025-23031 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionaralergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

6.4CVSS5.3AI score0.00273EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/12/10 12:0 a.m.16 views

Adobe Connect <= 11.4.7 Multiple Vulnerabilities (APSB24-99)

The version of Adobe Connect installed on the remote host is prior to 11.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-99 advisory. - Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that coul...

9.3CVSS8.9AI score0.00893EPSS
Exploits0References21
Snyk
Snyk
added 2024/10/29 2:2 p.m.3 views

Cross-site Scripting (XSS)

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the sanitizesvg function. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into a...

9CVSS5.3AI score0.00595EPSS
Exploits1References2
Veracode
Veracode
added 2024/09/10 4:48 a.m.7 views

Cross Site Scripting(XSS)

craftcms/cms is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient input sanitization in the breadcrumb list and title fields, allowing user-provided input to be stored without proper validation or encoding, which then executes malicious scripts when displayed...

5.5CVSS6.3AI score0.00334EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/13 8:15 a.m.6 views

CVE-2024-26088

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2024/05/06 7:15 a.m.25 views

CVE-2024-23188

Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...

6.5CVSS6.4AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2024/03/18 6:15 p.m.3 views

CVE-2024-26052

Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.3 views

PT-2023-30407 · Unknown · Nukium Nkmgls

Name of the Vulnerable Software and Affected Versions: Nukium nkmgls versions prior to 3.0.2 Description: The issue is related to Cross Site Scripting XSS and can be exploited via the displayAjaxSavePhoneMobile function in the NkmGlsCheckoutModuleFrontController. This allows for potential malicio...

5.4CVSS5.2AI score0.00419EPSS
Exploits1References3
Prion
Prion
added 2023/07/13 10:15 a.m.17 views

Cross site scripting

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts...

5.8CVSS6AI score0.00566EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2023/03/12 12:36 a.m.5 views

Drugs.com: Stored Xss On "https://www.question.com/"

The vulnerability was a stored cross-site scripting XSS issue on the "https://www.question.com/" website. The vulnerability was discovered in the "ask" page, where a malicious script was injected directly into the web application. The impact of the vulnerability was that the malicious script coul...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/08/30 12:0 a.m.3 views

PT-2022-23601 · Unknown · Picuploader

Name of the Vulnerable Software and Affected Versions: PicUploader version 2.6.3 Description: A cross-site scripting XSS issue was found in the /master/index.php component of PicUploader. This allows for potential malicious script execution. Recommendations: For PicUploader version 2.6.3, conside...

6.1CVSS6AI score0.00381EPSS
Exploits1References4
Veracode
Veracode
added 2022/04/12 7:7 a.m.42 views

Cross-site Scripting (XSS)

privatebin is vulnerable to cross-site scripting. No sanitization in handling Attachment before sending for preview in SVG in AttachmentViewer allows malicious script execution in instance context...

8.2CVSS1.9AI score0.01271EPSS
Exploits1References3Affected Software1
Huntr
Huntr
added 2021/12/31 5:42 a.m.4 views

Cross-site Scripting (XSS) - Stored in erudika/scoold

Description The Schold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...

6.4AI score
Exploits0
OSV
OSV
added 2021/06/28 2:15 p.m.4 views

CVE-2021-21084

AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

6.1CVSS5.8AI score0.01816EPSS
Exploits0References1
Hacker One
Hacker One
added 2021/05/03 7:6 p.m.18 views

MTN Group: Cross-Site Request Forgery (CSRF) to xss

hello dear support i have found csrf to xss on https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL:https://dailydeals.mtn.co.za/index.cfm?GO=DEALS URL encoded POST input CFID was set to fbe8c86c-c0b2-4421-8ca2-dcfc14763d6e" HTTP request ============ POST /index.cfm?GO=DEALS HTTP/1.1 Host:...

0.2AI score
Exploits0
CNVD
CNVD
added 2021/03/22 12:0 a.m.7 views

Zen Cart Cross-Site Scripting Vulnerability (CNVD-2021-22861)

Zen Cart is open source, free mall system for building professional online stores. A reflective cross-site scripting vulnerability exists in Zen Cart 1.5.6d. An attacker can execute malicious script via the includes/templates/templatedefault/common/tplmainpage.php or...

6.1CVSS6.2AI score0.00844EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/08/26 3:39 p.m.16 views

Security Bulletin: IBM Cloud Automation Manager is affected by a insecure Content-Security-Policy header vulnerability CVE-2019-4133

Summary IBM Cloud Automation Manager could allow a malicious user on the client side with access to client computer to run a custom script. Vulnerability Details CVEID: CVE-2019-4133 DESCRIPTION: IBM Cloud Automation Manager could allow a malicious user on the client side with access to client...

5.2CVSS1.3AI score0.0032EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2018/12/20 5:0 p.m.3 views

CVE-2018-1000874

PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...

6.1AI score0.00799EPSS
Exploits1References2
Rows per page
Query Builder