Lucene search
K

533 matches found

Cvelist
Cvelist
added 2024/07/01 4:57 p.m.41 views

CVE-2024-36997 Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a...

8.1CVSS0.00547EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/01 4:54 p.m.29 views

CVE-2024-36993 Persistent Cross-site Scripting (XSS) in Web Bulletin

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in...

5.4CVSS0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/07/01 4:30 p.m.34 views

CVE-2024-36992 Persistent Cross-site Scripting (XSS) in Dashboard Elements

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthoriz...

5.4CVSS0.00304EPSS
Exploits0References1
OSV
OSV
added 2024/06/13 1:46 p.m.25 views

CVE-2024-37308 WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability

The Cooked Pro recipe plugin for WordPress is vulnerable to Persistent Cross-Site Scripting XSS via the recipesettingsposttitle parameter in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with...

5.4CVSS5.5AI score0.00426EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2024/05/31 12:0 a.m.241 views

iMLog < 1.307 - Persistent Cross Site Scripting (XSS)

Exploit Title: iMLog "User Maintenance" 3. Click on "Search" and then select your UserID. 4. Change the "Last Name" input to 5. Click on "Save" 6. Refresh the page, XSS will be triggered...

7.4AI score
Exploits0
OSV
OSV
added 2024/05/24 1:15 p.m.4 views

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...

6.1CVSS5.8AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2024/05/24 1:15 p.m.6 views

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupodbc in odbcdatasource, odbcuser and odbcpassword parameters. This vulnerability could allow an...

6.1CVSS5.8AI score0.00254EPSS
Exploits0References1
0day.today
0day.today
added 2024/04/15 12:0 a.m.257 views

Savsoft Quiz v6.0 Enterprise - Stored XSS Vulnerability

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux / Windows 10...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/13 12:0 a.m.331 views

Savsoft Quiz v6.0 Enterprise - Stored XSS

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/20 12:0 a.m.262 views

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

Exploit Title: Savsoft Quiz v6.0 Enterprise - Persistent Cross-Site Scripting Date: 2024-01-03 Exploit Author: Eren Sen Vendor: SAVSOFT QUIZ Vendor Homepage: https://savsoftquiz.com Software Link: https://savsoftquiz.com/web/index.php/online-demo/ Version: 6.0 CVE-ID: N/A Tested on: Kali Linux /...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2023/12/04 12:0 a.m.18 views

CVE-2022-45592

1 Server Side Request Forgery SSRF, 2 persistant Cross site scripting XSS, and 3 File upload vulnerability...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.14 views

PT-2023-5296 · Unknown · Mod3Gp-Sy-120K

Name of the Vulnerable Software and Affected Versions: MOD3GP-SY-120K affected versions not specified Description: The web application of MOD3GP-SY-120K contains a persistent cross-site scripting XSS issue. This allows an authenticated remote attacker to inject an XSS payload into the MAIL RCV...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References8
OSV
OSV
added 2023/09/03 3:15 p.m.6 views

CVE-2023-39370

StarTrinity Softswitch version 2023-02-16 - Persistent XSS CWE-79...

5.4CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2023/08/03 10:15 p.m.23 views

CVE-2023-37499

A Persistent Cross-site Scripting XSS vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...

8.1CVSS7.5AI score0.00331EPSS
Exploits0References1
OSV
OSV
added 2023/08/03 10:15 p.m.4 views

CVE-2023-37500

A Persistent Cross-site Scripting XSS vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...

6.1CVSS5.8AI score0.00331EPSS
Exploits0References1
Prion
Prion
added 2023/08/03 10:15 p.m.19 views

Cross site scripting

A Persistent Cross-site Scripting XSS vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks...

5.8CVSS6AI score0.00331EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/03 10:1 p.m.14 views

CVE-2023-37501 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Campaign

A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...

8.1CVSS6.1AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/03 9:38 p.m.25 views

CVE-2023-37499 A Persistent Cross-site Scripting (XSS) vulnerability affects HCL Unica Platform

A Persistent Cross-site Scripting XSS vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks...

8.1CVSS7.5AI score0.00331EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/07/17 12:0 a.m.274 views

WinterCMS 1.2.2 Cross Site Scripting

Exploit Title: WinterCMS alertdocument.cookie; //P...

4.8CVSS7.1AI score0.027EPSS
Exploits4
Cvelist
Cvelist
added 2023/06/01 4:34 p.m.47 views

CVE-2023-32711 Persistent Cross-Site Scripting (XSS) through a URL Validation Bypass within a Dashboard View

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework CVE-2019-8331 and build a stored cross-site scripting XSS payload...

5.4CVSS6AI score0.0035EPSS
Exploits0References2
Rows per page
Query Builder