Lucene search
+L

100 matches found

OSV
OSV
added 2024/06/08 1:15 p.m.2 views

CVE-2024-35739

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1...

5.4CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/08 12:0 a.m.6 views

PT-2024-26650 · Unknown · Propertyhive

Name of the Vulnerable Software and Affected Versions: PropertyHive versions n/a through 2.0.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS, which allows Stored XSS. This means that an attacker can inject...

6.5CVSS6.2AI score0.00261EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.3 views

PT-2024-24907 · Unknown · Lorna Timbah (Webgrrrl) Accessibility Widget

Name of the Vulnerable Software and Affected Versions: Lorna Timbah webgrrrl Accessibility Widget versions n/a through 2.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...

6.5CVSS5.6AI score0.00319EPSS
Exploits0References4
OSV
OSV
added 2024/04/26 8:15 a.m.4 views

CVE-2024-33639

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1...

4.8CVSS5.8AI score0.00359EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.5 views

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data on the Home page, and can be exploited by an attacker to steal the victim's...

5.4CVSS6.4AI score0.00386EPSS
Exploits1References2
OSV
OSV
added 2024/03/19 4:15 p.m.2 views

CVE-2024-29099

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a through 1.4.1...

6.1CVSS7.3AI score0.00398EPSS
Exploits0References1
OSV
OSV
added 2024/01/13 12:15 a.m.5 views

CVE-2024-22137

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11...

5.4CVSS5.8AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.6 views

PT-2023-31845 · Unknown · Aleksandar Urošević Stock Ticker

Name of the Vulnerable Software and Affected Versions: Aleksandar Urošević Stock Ticker versions 3.23.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References6
Cvelist
Cvelist
added 2023/11/15 3:35 a.m.22 views

CVE-2023-5985

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values...

4.8CVSS5.3AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2022/10/18 6:15 a.m.18 views

CVE-2022-39057

RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...

7.2CVSS0.00686EPSS
Exploits0References1
Prion
Prion
added 2022/10/18 6:15 a.m.17 views

Command injection

RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...

5.8CVSS7.2AI score0.00686EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/18 5:40 a.m.26 views

CVE-2022-39057 Changing Information Technology Inc. RAVA certificate validation system - Command Injection

RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...

7.2CVSS7.4AI score0.00686EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/02 12:0 a.m.5 views

Online Car Wash Booking System SQL注入漏洞

Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/services/ manageprice.php?id=The page lacks validation for external input SQL...

9.8CVSS5.9AI score0.01081EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/12/28 9:15 a.m.6 views

CVE-2021-4179

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.6CVSS6.3AI score0.0046EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/08 12:15 p.m.3 views

CVE-2021-41029

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...

6.4CVSS6.1AI score0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/04/17 12:0 a.m.5 views

PT-2019-1993 · Cisco · Cisco Umbrella

Name of the Vulnerable Software and Affected Versions: Cisco Umbrella affected versions not specified Description: A vulnerability in Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user in a network protected by Umbrella. The...

6.4CVSS6.2AI score0.01211EPSS
Exploits0References4
CNVD
CNVD
added 2018/10/19 12:0 a.m.5 views

DESTOON B2B Cross-Site Scripting Vulnerability

DESTOON B2B is a PHP and MySQL based on open source B2B e-commerce website management system . A cross-site scripting vulnerability exists in the admin\setting.inc.php page in DESTOON B2B version 7.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

4.8CVSS4.8AI score0.00578EPSS
Exploits1References1
OSV
OSV
added 2018/04/03 6:29 a.m.4 views

CVE-2018-4149

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page...

8.8CVSS7.2AI score0.01611EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/12/01 7:17 a.m.7 views

Multiple vulnerabilities in multiple Buffalo broadband routers

Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

6.1CVSS6.5AI score0.00713EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2005/11/23 12:0 a.m.7 views

PT-2005-4523 · Php · Php-Post

Name of the Vulnerable Software and Affected Versions: PHP-Post PHPp version 1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting XSS attacks. This can be achieved through the subject in a post or by manipulating th...

4.3CVSS6.1AI score0.0412EPSS
Exploits1References11
Rows per page
Query Builder