Lucene search
K

361 matches found

NVD
NVD
added 2018/04/24 12:29 p.m.25 views

CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

6.1CVSS6AI score0.01212EPSS
Exploits0References3
Prion
Prion
added 2018/04/24 12:29 p.m.24 views

Cross site scripting

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

4.3CVSS5.9AI score0.01212EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2018/04/24 12:0 p.m.25 views

CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

6AI score0.01212EPSS
Exploits0References3
Atlassian
Atlassian
added 2018/04/23 3:35 a.m.32 views

XSS through header injection in the /browse/~raw resource - CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

6.1CVSS4.4AI score0.01212EPSS
Exploits0
Atlassian
Atlassian
added 2018/04/23 3:35 a.m.576 views

XSS through header injection in the /browse/~raw resource - CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

6.1CVSS4.4AI score0.01212EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2018/03/22 5:48 a.m.548 views

XSS through header injection in the /browse/~raw resource - CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

6.1CVSS4.4AI score0.01212EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/01/24 10:29 p.m.36 views

CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is...

9.8CVSS9.7AI score0.08031EPSS
Exploits0References14
Kitploit
Kitploit
added 2017/08/24 9:59 p.m.43 views

Knockpy - Enumerate Subdomain Scanner

Knockpy is a python tool designed to enumerate subdomains on a target domain through a wordlist. It is designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the...

7.2AI score
Exploits0References2
OSV
OSV
added 2017/06/12 4:29 p.m.12 views

CVE-2017-7667

Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin...

7.5CVSS6.8AI score0.01431EPSS
Exploits0References2
Veracode
Veracode
added 2017/06/12 2:31 a.m.19 views

Cross-site Scripting (XSS)

nifi-jetty is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript because the library does have the sufficient response headers to only allow framing from the same origin...

7.5CVSS6.1AI score0.01431EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2017/05/18 12:0 a.m.4 views

McAfee Network Data Loss Prevention Information Disclosure Vulnerability (CNVD-2017-07548)

McAfee Network Data Loss Prevention is a data leakage protection solution. McAfee Network Data Loss Prevention NDLP has a Web server information leakage vulnerability in the server implementation, which can be exploited by remote attackers to exploit other vulnerabilities via the HTTP response...

5.3CVSS6.9AI score0.01049EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/04/26 9:57 a.m.25 views

Weblate: HttpOnly Flag not set

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this application then the cookie will be accessible and can be transmitted to another site. HTTP/1.1 200 OK Server: nginx Date: Wed, 26 Apr 2017 08:27:17...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.9 views

Backup Directory

A common practice when administering web applications is to create a copy/backup of a particular directory prior to making any modification. Another common practice is to add an extension or change the name of the original directory to signify that it is a backup examples include .bak, .orig,...

7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.20 views

Common Files Detection

Scanner has detected common sensitive files on the remote web server. Web applications are often made up of multiple files and directories. It is possible that over time some files may become unreferenced unused by the web application and forgotten about by the administrator or developer. Because...

7.2AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.9 views

Backup File

A common practice when administering web applications is to create a copy/backup of a particular file or directory prior to making any modification to the file. Another common practice is to add an extension or change the name of the original file to signify that it is a backup examples include...

7.2AI score
Exploits0References2
Hacker One
Hacker One
added 2016/09/14 11:26 p.m.54 views

Shopify: Stored XSS in https://productreviews.shopifyapps.com/proxy/v4/reviews/product

Hi , I have found a stored XSS issue in https://productreviews.shopifyapps.com Details: Going to https://productreviews.shopifyapps.com/proxy/v4/reviews/product?productid=8254331011&version=v4&shop=zh5403-attacker.myshopify.com&=cache&callback=test will show you the details of a product with the ...

5.9AI score
Exploits0
CNVD
CNVD
added 2016/09/13 12:0 a.m.34 views

Red Hat JBoss Enterprise Application Platform HTTP Header Injection Vulnerability

Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. An HTTP header injection vulnerability exists in Red Hat JBoss...

6.1CVSS7.4AI score0.0256EPSS
Exploits0References1
appercut
appercut
added 2016/08/15 12:0 a.m.564 views

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

1.9AI score
Exploits0References1Affected Software1
appercut
appercut
added 2016/07/11 12:0 a.m.683 views

Moodle: source code security analysis report

Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...

0.5AI score
Exploits0References1Affected Software1
appercut
appercut
added 2016/06/16 12:0 a.m.541 views

WooCommerce plugin for WordPress: source code security analysis report

Several vulnerabilities were discovered in WooThemes 'WooCommerce plugin for WordPress' software: File System Path Manipulation Using Global Variables Incorrect Newline Symbol Filtration in HTTP-response Headers Hardcoded Credentials...

1.6AI score
Exploits0References1Affected Software1
Rows per page
Query Builder