Lucene search
K

2304 matches found

CNVD
CNVD
added 2020/06/02 12:0 a.m.3 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31427)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.2...

5.4CVSS6.3AI score0.00772EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/02 12:0 a.m.5 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-31421)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in Atlassian Fisheye and Crucible versions prior to 4.8.1...

5.4CVSS6.4AI score0.00628EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/08 12:0 a.m.3 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability (CNVD-2020-32375)

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is mainly used for online exams and more. A cross-site scripting vulnerability exists in Tecnick.com TCExam version 14.2.2, which can be exploited by remote attackers to inject malicious JavaScript code b...

5.4CVSS6.4AI score0.00666EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/04/09 1:10 p.m.12 views

CVE-2020-10603

WebAccess/NMS versions prior to 3.0.2 does not properly sanitize user input and may allow an attacker to inject system commands remotely...

8.8AI score0.01221EPSS
Exploits0References1
OSV
OSV
added 2020/03/25 2:15 a.m.3 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00773EPSS
Exploits0References1
Prion
Prion
added 2020/02/20 6:15 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the 1 link, 2 logo.link, or 3 aboutlink parameter, or a nested URI scheme name for 4 javascript, 5 asfunction, or 6 vbscript...

4.3CVSS6.1AI score0.02579EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2020/01/30 9:15 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ViewGit before 0.0.7 allow remote repository users to inject arbitrary web script or HTML via a 1 tag name to the Shortlog table in templates/shortlog.php or branch name to the 2 Shortlog table in templates/shortlog.php or 3 Heads table in...

4.3CVSS5.9AI score0.03955EPSS
Exploits6References4Affected Software1
CNVD
CNVD
added 2020/01/10 12:0 a.m.2 views

Electronic Logbook (ELOG) Cross-Site Scripting Vulnerability (CNVD-2020-14077)

ELOG is a web application written in C by Stefan Ritt that can be used to create personal and frequently used logs. A cross-site scripting vulnerability exists in Electronic Logbook ELOG 3.1.4. A remote attacker can exploit this vulnerability by injecting arbitrary web script or HTML into elogd.c...

6.1CVSS6AI score0.00785EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/01/10 12:0 a.m.5 views

PT-2020-7693 · Unknown · Déjà Vu Crescendo Sales Crm

Name of the Vulnerable Software and Affected Versions: Déjà Vu Crescendo Sales CRM affected versions not specified Description: The issue is related to a remote SQL Injection. No further details are provided about the estimated number of potentially affected devices or real-world incidents...

9.8CVSS9.4AI score0.03015EPSS
Exploits3References4
CNVD
CNVD
added 2019/12/30 12:0 a.m.4 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2020-04071)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian, Atlassian Fisheye is a suite of in-depth viewers of source code and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the review resources in Atlassian Fisheye and Crucible...

4.8CVSS6.3AI score0.00596EPSS
Exploits0References1
OSV
OSV
added 2019/12/26 4:15 p.m.3 views

CVE-2019-6029

Cross-site scripting vulnerability in Custom Body Class 0.6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.5AI score0.00937EPSS
Exploits0References2
OSV
OSV
added 2019/12/26 4:15 p.m.5 views

CVE-2019-6031

Cross-site scripting vulnerability in KINZA for Windows version 5.9.2 and earlier and for Mac version 5.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via RSS reader...

6.1CVSS6.5AI score0.00781EPSS
Exploits0References2
CNVD
CNVD
added 2019/12/21 12:0 a.m.3 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (NVD-C-2019-212010)

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

5.4CVSS6.4AI score0.00772EPSS
Exploits0References1
OSV
OSV
added 2019/12/17 5:15 a.m.17 views

CVE-2019-19830

core/plugins/medias in SPIP 3.2.x before 3.2.7 allows remote authenticated authors to inject content into the database...

6.5CVSS6.2AI score
Exploits0References5
NVD
NVD
added 2019/11/29 12:15 a.m.12 views

CVE-2019-19387

A cross-site scripting XSS vulnerability in app/fifolist/fifointeractive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter...

6.1CVSS6AI score0.00866EPSS
Exploits1References2
CNVD
CNVD
added 2019/11/29 12:0 a.m.1 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43412)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fax/faxlogview.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the faxuuid parameter...

6.1CVSS6AI score0.00866EPSS
Exploits1References1
OSV
OSV
added 2019/11/21 8:15 p.m.1 views

DEBIAN-CVE-2015-2793

Cross-site scripting XSS vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openididentifier parameter in a verify action to ikiwiki.cgi...

6.1CVSS6.3AI score0.01688EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2019/11/05 10:11 a.m.54 views

Hackers Can Silently Control Your Google Home, Alexa, Siri With Laser Light

A team of cybersecurity researchers has discovered a clever technique to remotely inject inaudible and invisible commands into voice-controlled devices — all just by shining a laser at the targeted device instead of using spoken words. Dubbed 'Light Commands,' the hack relies on a vulnerability i...

7.3AI score
Exploits0
Prion
Prion
added 2019/10/31 8:15 p.m.23 views

Cross site scripting

A cross-site scripting XSS vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version...

4.3CVSS5.6AI score0.02348EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2019/10/21 6:5 a.m.23 views

Cross-Site Scripting (XSS)

hexo-admin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the post-editor. Successful exploitation can result in the theft of session cookies or execution of unauthorized actions on behalf of the user...

6.1CVSS4.5AI score0.01035EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder