Lucene search
+L

276 matches found

Cvelist
Cvelist
added 2021/10/25 2:37 p.m.13 views

CVE-2020-20908

Akaunting v1.3.17 was discovered to contain a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field...

5.4AI score0.00596EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/10/25 12:0 a.m.6 views

Akaunting 跨站脚本漏洞

Akaunting, an application from Akaunting, Inc. provides all the tools needed to manage funds online.Akaunting version 1.3.17 contains a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied and output data in the company name input field. An attacker cou...

5.4CVSS5.5AI score0.00596EPSS
Exploits1References2
OSV
OSV
added 2021/09/02 6:15 p.m.5 views

CVE-2020-18048

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field...

9.8CVSS6AI score0.01781EPSS
Exploits1References2
OSV
OSV
added 2021/08/02 6:15 a.m.3 views

CVE-2021-3351

OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...

5.4CVSS6.1AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/08/02 6:15 a.m.4 views

CVE-2021-3351

OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page...

5.4CVSS6AI score0.0052EPSS
Exploits1References2
CNVD
CNVD
added 2021/07/26 12:0 a.m.17 views

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

5.4CVSS3.5AI score0.00589EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/25 12:0 a.m.7 views

NCH Axon PBX 跨站脚本漏洞

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

5.4CVSS5.3AI score0.00589EPSS
Exploits1References3
OSV
OSV
added 2020/12/16 5:15 p.m.5 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting XSS vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

5.4CVSS6.2AI score0.00569EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.11 views

AdRem NetCrunch Cross-Site Scripting Vulnerability

Adrem Netcrunch is a device monitoring software from the American company Adrem. The software monitors Windows, Linux, Mac OS X, BSD, NetWare, and SNMP devices based on SNMP sources, Windows event logs, and Syslog servers. A cross-site scripting vulnerability exists in AdRem NetCrunch 10.6.0.4587...

5.4CVSS6.1AI score0.00569EPSS
Exploits1References3
OSV
OSV
added 2020/11/05 3:15 p.m.4 views

CVE-2020-15951

Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...

6.1CVSS6.5AI score0.00957EPSS
Exploits1References3
OSV
OSV
added 2020/03/04 7:15 p.m.3 views

CVE-2020-9371

Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabcappointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML...

4.8CVSS6.6AI score0.03591EPSS
Exploits5References5
Snyk
Snyk
added 2020/01/08 11:33 a.m.3 views

Command Injection

Overview devcert-sanscache is a package that can be used to generate trusted local SSL/TLS certificates for local SSL development. Affected versions of this package are vulnerable to Command Injection. The variable commonName controlled by user input is used as part of the exec function without a...

9.8CVSS6.7AI score0.03453EPSS
Exploits0References2
PyPA
PyPA
added 2019/12/26 11:15 p.m.7 views

PYSEC-2019-112

In Archery before 1.3, inserting an XSS payload into a project name either by creating a new project or editing an existing one will result in stored XSS on the vulnerability-scan scheduling page...

5.4CVSS6.2AI score0.00761EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/10/08 8:15 p.m.5 views

CVE-2019-0375

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting...

5.4CVSS5.9AI score0.00733EPSS
Exploits0References2
Veracode
Veracode
added 2019/07/25 5:48 a.m.13 views

Cross-site Scripting (XSS)

http-file-server is vulnerable to cross-site scripting XSS attack. It is possible because it does not handle the file name input from the user, allowing a malicious user to inject arbitrary script though it...

5.4CVSS5.1AI score0.00709EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2019/02/26 12:0 a.m.3 views

Buffer Overflow Vulnerability in iSmartViewPro Software

iSmartViewPro is a network surveillance software to monitor your home or store in real time. Users can add, edit or delete devices, watch videos in real time, control the PTZ by sliding or pressing buttons, set video parameters, capture pictures, playback videos, set alarms, etc. It can be used t...

8AI score
Exploits0
NVD
NVD
added 2018/12/23 2:29 a.m.25 views

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...

5.4CVSS5.4AI score0.00705EPSS
Exploits4References1
OSV
OSV
added 2018/10/17 2:29 a.m.4 views

CVE-2018-3953

Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...

7.2CVSS5.9AI score0.13335EPSS
Exploits1References1
OSV
OSV
added 2018/10/17 2:29 a.m.3 views

CVE-2018-3954

Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input fiel...

7.2CVSS5.9AI score0.03377EPSS
Exploits1References1
CNVD
CNVD
added 2018/09/26 12:0 a.m.6 views

Article Factory Manager SQL Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A SQL injection vulnerability exists in the Article Factory Manager component of Joomla! The vulnerability is caused by inserting SQL commands into the query string of a web form...

9.8CVSS9.7AI score0.0328EPSS
Exploits5References1
Rows per page
Query Builder