Lucene search
K

87 matches found

CNVD
CNVD
added 2022/02/28 12:0 a.m.21 views

Piwigo Cross-Site Scripting Vulnerability (CNVD-2022-71118)

Piwigo is a set of Web-based open source image gallery software. Piwigo version 12.2.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data. An attacker could use this vulnerability to steal the webmaster's cookies to...

5.4CVSS2.8AI score0.00622EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.17 views

mysiteforme cross-site scripting vulnerability

Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...

5.4CVSS3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/12 12:0 a.m.12 views

Gryphon Tower Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of user-supplied data and output data validation filtering in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...

6.1CVSS1.8AI score0.02557EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/10/13 12:0 a.m.11 views

The vulnerability of the Moxa MXView network control software lies in its failure to eliminate special elements, allowing a violator to execute arbitrary code.

The vulnerability of the Moxa MXView network control software lies in the lack of measures taken to neutralize special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted reques...

10CVSS8.5AI score0.01707EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.5 views

WordPress 插件 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Wordpress Zoho CRM Lead Magnet plugin version 1.7.2.4, which...

5.4CVSS6.4AI score0.01044EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/09/20 12:0 a.m.6 views

The vulnerability of the SSH server on the Cisco IOS XR operating system allows a hacker to read and rewrite any files they choose.

The vulnerability of the SSH server on the Cisco IOS XR operating system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to read and rewrite any files as desired...

8.5CVSS7.5AI score0.01581EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/09 12:0 a.m.6 views

PT-2021-4505 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.8.1 Description: The issue is related to the wp die function in WordPress, which can leak output data under certain conditions, including sensitive information like nonces. This leaked data can be used to perform...

7.6CVSS5.7AI score0.02207EPSS
Exploits0References21
BDU FSTEC
BDU FSTEC
added 2021/09/02 12:0 a.m.6 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center is related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrar...

10CVSS8AI score0.99999EPSS
Exploits45References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/07/20 12:0 a.m.5 views

The vulnerability of the HTTP request programming language Python method, related to the lack of mechanisms for encoding or shielding output data, allows attackers to gain access to confidential information and compromise its integrity.

The vulnerability of the HTTP request programming language Python method is related to the lack of mechanisms for encoding or encrypting output data. Exploiting this vulnerability allows an attacker to gain access to confidential data and compromise its integrity...

7.2CVSS6.8AI score0.0642EPSS
Exploits1References14Affected Software6
CNNVD
CNNVD
added 2021/07/07 12:0 a.m.5 views

IOBit Advanced SystemCare 安全漏洞

Iobit IOBit Advanced SystemCare is a system management utility program from the British company IOBit Iobit. The program is mainly used for scanning, repairing and optimizing the system, among other things. A security vulnerability exists in IOBit Advanced SystemCare Ultimate, which stems from th...

6.5CVSS6.3AI score0.0034EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2021/06/25 12:0 a.m.5 views

The vulnerability of the Dovecot mail server arises from incorrect neutralization of special elements in the output data used by the incoming component, allowing attackers to expose user credentials.

The vulnerability of the Dovecot mail server is related to incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to expose user credentials...

4.2CVSS6.8AI score0.02837EPSS
Exploits0References9Affected Software13
BDU FSTEC
BDU FSTEC
added 2021/06/15 12:0 a.m.6 views

The vulnerability of the IBM DB2 database management system lies in the insufficient cleaning of special elements in the output data used by the incoming component, which allows a hacker to trigger a service failure.

The vulnerability of the IBM DB2 database management system is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially created commands...

6.5CVSS6.9AI score0.01395EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/04/13 12:0 a.m.7 views

The vulnerability of Mutt and NeoMutt email clients stems from deficiencies in the process of neutralizing special characters in the output data used by the incoming component. This allows attackers to gain unauthorized access to protected information.

The vulnerability of Mutt and NeoMutt email clients is related to deficiencies in the process of neutralizing special elements in the output data used by the incoming component. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...

5.9CVSS6.5AI score0.02288EPSS
Exploits0References11Affected Software6
Hacker One
Hacker One
added 2021/04/07 9:32 a.m.11 views

U.S. Dept Of Defense: Reflected XSS on https://██████

Description: Reflected XSS on https://███████ POC: https://███/████=https://████████████/%3C/script%3E%3Cscript%3Ealertorigin%3C/script%3E&██████ References ███████ Impact Unauthenticated Reflected XSS System Hosts ████████ Affected Products and Versions CVE Numbers Steps to Reproduce Step 1: Go ...

0.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.4 views

The vulnerability of the DhcpClient method in the Bluetooth Blueman manager arises from incorrect neutralization of special elements in the output data. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the DhcpClient method in the Bluetooth Blueman manager is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...

7CVSS7AI score0.04539EPSS
Exploits4References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.7 views

The vulnerability of the WASSP discriver of the Wireshark network traffic analyzer allows a hacker to cause a service failure.

The vulnerability of the WASSP discriminator in the Wireshark network traffic analyzer is related to incorrect neutralization of special elements in the output data. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

7.5CVSS7.2AI score0.03242EPSS
Exploits1References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.5 views

The vulnerability of the software package that implements the Squid caching proxy server’s function relates to incorrect elimination of certain elements in the output data. This allows a hacker to compromise the integrity of the data.

The vulnerability of the software package that implements the Squid caching proxy server lies in the improper elimination of certain elements in the output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data...

6.1CVSS6.7AI score0.055EPSS
Exploits0References12Affected Software6
BDU FSTEC
BDU FSTEC
added 2021/03/15 12:0 a.m.4 views

The vulnerability of the jqMix method implementation in the dojox library (NPM package) allows an attacker to compromise data integrity.

The vulnerability of the jqMix method implementation in the dojox library NPM package is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to compromise the integrity of the data...

5.3CVSS6.6AI score0.01976EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/02/02 12:0 a.m.4 views

The vulnerability of the Adobe Download Manager’s download manager, related to incorrect elimination of special elements in the output data used by the incoming component, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe Download Manager’s download manager is related to the incorrect elimination of certain elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...

9.3CVSS7.9AI score0.04847EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/01/13 12:0 a.m.6 views

The vulnerability in the implementation of the Strict Transport Security (HSTS) mechanism of the Mozilla Firefox browser allows a perpetrator to compromise the integrity of data.

The vulnerability of the Strict Transport Security HSTS mechanism implemented by Mozilla Firefox is related to incorrect elimination of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of the...

5.3CVSS6.9AI score0.01784EPSS
Exploits1References9Affected Software3
Rows per page
Query Builder