Lucene search
K

299 matches found

CVE
CVE
added 2018/11/20 9:0 a.m.52 views

CVE-2018-19367

Portainer

9.8CVSS9.4AI score0.01469EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/09/04 12:0 a.m.6 views

Portainer Cross-Site Scripting Vulnerability

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A cross-site scripting vulnerability exists in Portainer 1.19.1 and earlier versions, which can be exploited by remote attackers to inject arbitrary JavaScript code and or HTML with the help of...

5.4CVSS5.3AI score0.00794EPSS
Exploits0References1
Veracode
Veracode
added 2018/09/03 5:35 a.m.17 views

Cross-site Scripting (XSS)

github.com/portainer/portainer is vulnerable to cross-site scripting XSS attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary Javascript through the Team Name field...

5.4CVSS5.5AI score0.00794EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/09/01 6:29 p.m.18 views

Cross site scripting

A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...

3.5CVSS5AI score0.00794EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/09/01 6:29 p.m.16 views

CVE-2018-16316

A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...

5.4CVSS5.1AI score0.00794EPSS
Exploits0References1
OSV
OSV
added 2018/09/01 6:29 p.m.8 views

CVE-2018-16316

A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...

5.4CVSS5.2AI score
Exploits0References1
CVE
CVE
added 2018/09/01 6:0 p.m.43 views

CVE-2018-16316

CVE-2018-16316 describes a stored XSS in Portainer up to version 1.19.1, exploitable by remote authenticated users via the Team Name field. The issue stems from unvalidated input stored and rendered in teams management; real-world impact is arbitrary JavaScript/HTML execution for affected users. ...

5.4CVSS5AI score0.00794EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/09/01 6:0 p.m.23 views

CVE-2018-16316

A stored Cross-site scripting XSS vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field...

5.1AI score0.00794EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/06 12:0 a.m.51 views

Portainer UI No Authentication Vulnerability (HTTP)

The script checks if the Portainer Dashboard UI has no authentication enabled at the remote web server. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/06 12:0 a.m.125 views

Portainer UI No Administrator Vulnerability

Portainer is prone to an information disclosure and authentication bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8CVSS9.4AI score0.01469EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2018/07/31 12:0 a.m.23 views

Portainer UI Detection (HTTP)

HTTP based detection of Portainer Dashboard/Web UI. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4AI score
Exploits0References2
Veracode
Veracode
added 2018/06/25 3:56 a.m.10 views

Sever Side Request Forgery (SSRF) Via Unauthorised Access To Docker API

github.com/portainer/portainer is vulnerable to unauthorized access to docker API. The access is granted as the application does not validate the endpoint access requests, allowing unauthorized users to access internal Docker API, consequently allowing an attacker to leverage sever side request...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/06/25 12:0 a.m.3 views

Portainer Access Restriction Bypass and Server-Side Request Forgery Vulnerabilities

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer versions prior to 1.18.0 that stems from the program's support for requests with unvalidated id query parameters. A remote attacker could use this...

9.8CVSS9.5AI score0.02308EPSS
Exploits0References1
Prion
Prion
added 2018/06/22 6:29 p.m.21 views

Server side request forgery (ssrf)

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

7.5CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/06/22 6:29 p.m.24 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.6AI score0.02308EPSS
Exploits0References2
OSV
OSV
added 2018/06/22 6:29 p.m.14 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.8CVSS9.8AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/22 6:0 p.m.23 views

CVE-2018-12678

Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...

9.6AI score0.02308EPSS
Exploits0References2
CVE
CVE
added 2018/06/22 6:0 p.m.50 views

CVE-2018-12678

Portainer prior to 1.18.0 is vulnerable: an unauthenticated request to the websocket /websocket/exec endpoint with an unvalidated id parameter can bypass access restrictions and enable server-side request forgery (SSRF). Public Red Hat/CNVD/OSV/etc. entries corroborate the vulnerability; remediat...

9.8CVSS9.5AI score0.02308EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/06/15 2:58 p.m.26 views

Uber: [data-07.uberinternal.com] SSRF in Portainer app lead to access to Internal Docker API without Auth

Vulnerability description not provided...

7.1AI score
Exploits0
Rows per page
Query Builder