Lucene search
+L

45 matches found

OSV
OSV
added 2021/04/08 11:15 a.m.5 views

CVE-2021-3012

A cross-site scripting XSS vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

5.4CVSS6.2AI score0.00662EPSS
Exploits1References1
OSV
OSV
added 2020/04/22 6:15 p.m.7 views

CVE-2018-18405

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...

6.1CVSS5.5AI score
Exploits0References4
Prion
Prion
added 2020/04/22 6:15 p.m.24 views

Design/Logic Flaw

DISPUTED jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...

4.3CVSS6AI score0.0162EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2020/04/22 5:56 p.m.23 views

CVE-2018-18405

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...

5.7AI score0.0162EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2020/04/22 12:0 a.m.10 views

PT-2020-8631 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jQuery version 2.2.2 Description: The issue allows for cross-site scripting XSS attacks via a crafted onerror attribute of an IMG element. Recommendations: For jQuery version 2.2.2, consider disabling the use of the onerror attribute in IMG...

6.1CVSS8.5AI score0.0162EPSS
Exploits0References9
OSV
OSV
added 2020/02/17 5:15 p.m.7 views

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

5.4CVSS6.1AI score0.01363EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/02/17 4:42 p.m.29 views

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

5.2AI score0.01363EPSS
Exploits1References1
NVD
NVD
added 2019/07/18 4:15 p.m.28 views

CVE-2019-13948

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...

5.4CVSS5.2AI score0.00702EPSS
Exploits1References2
OSV
OSV
added 2018/11/21 10:21 p.m.6 views

GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...

6.1CVSS5.9AI score0.00788EPSS
Exploits1References4
CVE
CVE
added 2018/11/07 3:0 p.m.48 views

CVE-2018-19057

CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...

6.1CVSS5.9AI score0.00788EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/10/23 12:0 a.m.4 views

TeaKKi Cross-Site Scripting Vulnerability

TeaKKi is a team document collaboration software. The software features document synchronization, category management and rights management. A cross-site scripting vulnerability exists in TeaKKi version 2.7. The vulnerability can be exploited by remote attackers to inject arbitrary web script or...

6.1CVSS5.9AI score0.00826EPSS
Exploits1References1
NVD
NVD
added 2018/10/20 9:29 p.m.12 views

CVE-2018-18540

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

6.1CVSS6AI score0.00826EPSS
Exploits1References1
OSV
OSV
added 2018/10/20 9:29 p.m.5 views

CVE-2018-18540

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

6.1CVSS5.8AI score0.00826EPSS
Exploits1References1
Prion
Prion
added 2018/10/20 9:29 p.m.13 views

Cross site scripting

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

4.3CVSS5.9AI score0.00826EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/07/05 10:29 p.m.30 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1CVSS5.5AI score0.00937EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2018/07/03 12:29 p.m.13 views

CVE-2018-13065

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

6.1CVSS6.3AI score0.01353EPSS
Exploits3References2
Prion
Prion
added 2018/07/03 12:29 p.m.22 views

Code injection

DISPUTED ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

4.3CVSS5.9AI score0.01353EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2018/07/03 11:0 a.m.52 views

CVE-2018-13065

CVE-2018-13065 affects ModSecurity 3.0.0 with a Cross-Site Scripting issue: XSS via an IMG onError attribute. The core detail across connected sources is that an attacker could inject script through an onError on an IMG tag; some sources note a third party disputes applicability without a Core Ru...

6.1CVSS5.9AI score0.01353EPSS
Exploits3References3Affected Software1
Exploit DB
Exploit DB
added 2018/07/03 12:0 a.m.67 views

ModSecurity 3.0.0 - Cross-Site Scripting

ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...

6.1CVSS6AI score0.01353EPSS
Exploits3
Atlassian
Atlassian
added 2013/08/09 4:40 a.m.25 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0
Rows per page
Query Builder