
7657 matches found

Tenable Nessus
added 2017/03/31 12:0 a.m., 16 views

Cross-Site Scripting (XSS) in HTML tag

Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...

5.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2017/03/31 12:0 a.m., 30 views

Cross-Site Scripting (XSS) in event tag of HTML element

Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...

5.5 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2017/03/31 12:0 a.m., 16 views

Cross-Site Scripting (XSS) in attribute context

Client-side scripts are used extensively by modern web applications. They perform everything from simple functions, such as the formatting of text, up to full manipulation of client-side data and operating system interaction. Cross-Site Scripting (XSS) allows clients to inject scripts into a request and have th...

5.7 AI score
Exploits: 0, References: 2

Ivan 'd0znpp' Novikov
added 2017/03/29 12:40 a.m., 13 views

Google’s lessons in security: bring together security engineering and incident response

Last week during the Google Next conference, we heard an interesting talk where a Google security PM, Andy Chang, explained what Google has learned from preventing, detecting and responding to cyber attacks over the years. Not surprisingly, Google is paying a lot of attention to securing the...

7.3 AI score
Exploits: 0

Wallarm Lab
added 2017/03/29 12:40 a.m., 20 views

Google’s lessons in security: bring together security engineering and incident response

Last week during the Google Next conference, we heard an interesting talk where a Google security PM, Andy Chang, explained what Google has learned from preventing, detecting and responding to cyber attacks over the years. Not surprisingly, Google is paying a lot of attention to securing the...

7.3 AI score
Exploits: 0

Vulnerability Lab
added 2017/03/29 12:0 a.m., 44 views

Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability

Document Title: Arachni v1.5-0.5.11 - Persistent Cross Site Vulnerability
References Source: https://www.vulnerability-lab.com/getcontent.php?id=2046
Release Date: 2017-03-29
Vulnerability Laboratory ID VL-ID: ...

7.1 AI score
Exploits: 0

NVD
added 2017/03/28 2:59 a.m., 11 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4 CVSS, 5.3 AI score, 0.01102 EPSS
Exploits: 0, References: 3

NVD
added 2017/03/28 2:59 a.m., 13 views

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

5.4 CVSS, 5.3 AI score, 0.00873 EPSS
Exploits: 0, References: 2

Prion
added 2017/03/28 2:59 a.m., 9 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

3.5 CVSS, 6.2 AI score, 0.01102 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2017/03/28 2:59 a.m., 11 views

CVE-2016-9126

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...

5.4 CVSS, 5.2 AI score, 0.01446 EPSS
Exploits: 0, References: 3

Prion
added 2017/03/28 2:59 a.m., 10 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...

3.5 CVSS, 5.9 AI score, 0.01446 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/03/28 2:59 a.m., 13 views

Cross site scripting

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

3.5 CVSS, 6.2 AI score, 0.00873 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/03/28 2:59 a.m., 12 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.4 CVSS, 6 AI score
Exploits: 0, References: 3

OSV
added 2017/03/28 2:59 a.m., 15 views

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

5.4 CVSS, 6 AI score
Exploits: 0, References: 2

Cvelist
added 2017/03/28 2:46 a.m., 17 views

CVE-2016-9454

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The banner image URL for external banners wasn't properly escaped when displayed in most of the banner related pages...

5.7 AI score, 0.01102 EPSS
Exploits: 0, References: 3

Cvelist
added 2017/03/28 2:46 a.m., 22 views

CVE-2016-9130

Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted non-admin account. The website name wasn't properly escaped when displayed in the campaign-zone.php script...

5.7 AI score, 0.00873 EPSS
Exploits: 0, References: 2

CVE
added 2017/03/28 2:46 a.m., 46 views

CVE-2016-9126

Affected software: Revive Adserver prior to 3.2.3. Issue: persistent XSS in the audit trail widget on login due to inadequate escaping of usernames; an authenticated user who can create other users could leverage this to access the administrator account. Impact (per sources): CVSS metrics show ba...

5.4 CVSS, 5.4 AI score, 0.01446 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2017/03/28 2:46 a.m., 48 views

CVE-2016-9130

CVE-2016-9130 concerns Revive Adserver prior to 3.2.3, which is vulnerable to a Persistent XSS via the user interface due to improper escaping of the website name in campaign-zone.php. The underlying issue is a failure to escape displayed data, allowing a trusted (non-admin) attacker to inject sc...

5.4 CVSS, 5.5 AI score, 0.00873 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2017/03/28 2:46 a.m., 21 views

CVE-2016-9126

Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An authenticated user with enough privileges to create other users could exploit the vulnerability to...

5.6 AI score, 0.01446 EPSS
Exploits: 0, References: 3

CVE
added 2017/03/28 2:46 a.m., 39 views

CVE-2016-9454

CVE-2016-9454 affects Revive Adserver prior to version 3.2.3, where the banner image URL for external banners could be improperly escaped in most banner-related pages, enabling a persistent XSS via the Revive Adserver user interface. The vulnerability requires a trusted, non-admin account and is ...

5.4 CVSS, 5.6 AI score, 0.01102 EPSS
Exploits: 0, References: 3, Affected Software: 1