102 matches found

Cvelist
added 2024/05/13 11:26 a.m. · 22 views

CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

6.5 CVSS · 6.5 AI score · 0.00439 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/05/13 11:26 a.m. · 17 views

CVE-2024-4822 Cross-site Scripting in School ERP Pro+Responsive by AROX SOLUTION

Vulnerability in School ERP Pro+Responsive 1.0 that allows XSS via the username and password parameters in '/index.php'. This vulnerability allows an attacker to partially take control of the victim's browser session...

6.5 CVSS · 6.1 AI score · 0.00439 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/13 12:0 a.m. · 4 views

PT-2024-25758 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Laboratory Management System version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. This enables...

6.1 CVSS · 5.9 AI score · 0.00472 EPSS
Exploits 1 · References 3

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-24176 · Unknown · Cosmetics/Beauty Product Online Store

Name of the Vulnerable Software and Affected Versions: Cosmetics and Beauty Product Online Store version 1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter. This enables attackers ...

9.6 CVSS · 6 AI score · 0.00765 EPSS
Exploits 1 · References 6

Prion
added 2024/03/01 12:15 p.m. · 13 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session...

4.9 CVSS · 5.9 AI score · 0.00292 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/03/01 11:23 a.m. · 12 views

CVE-2024-2078 Cross-Site Scripting vulnerability in HelpDeskZ

A Cross-Site Scripting XSS vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session...

4.6 CVSS · 5.7 AI score · 0.00292 EPSS
Exploits 0 · References 1

Github Security Blog
added 2023/12/13 12:30 p.m. · 7 views

Alkacon OpenCMS XSS via Mercury template

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

6.1 CVSS · 6.3 AI score · 0.01767 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2023/12/13 10:15 a.m. · 13 views

CVE-2023-6719

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.3 CVSS · 0.0041 EPSS
Exploits 0 · References 1

Prion
added 2023/12/13 10:15 a.m. · 14 views

Cross site scripting

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

5.8 CVSS · 6.4 AI score · 0.0041 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2023/12/13 10:15 a.m. · 2 views

PYSEC-2023-294

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

CVE
added 2023/12/13 9:16 a.m. · 31 views

CVE-2023-6719

Repox has an XSS vulnerability tracked as CVE-2023-6719. Multiple connected sources describe an issue where a malicious actor can craft and deliver JavaScript payloads to a user, enabling an attacker to compromise interactions with the vulnerable application and potentially gain control of the us...

6.3 CVSS · 6.1 AI score · 0.0041 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/13 9:16 a.m. · 26 views

CVE-2023-6719 Cross-site Scripting in Repox

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a specially crafted JavaScript payload to a user, and thus gain full control of their session...

6.3 CVSS · 6.3 AI score · 0.0041 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/11/15 1:57 a.m. · 1 views

SUSE CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8 CVSS · 9.2 AI score · 0.00867 EPSS
Exploits 0 · References 3

OSV
added 2023/11/09 6:35 p.m. · 4 views

GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

8.1 CVSS · 5.8 AI score · 0.00867 EPSS
Exploits 0 · References 12

Positive Technologies
added 2023/11/09 12:0 a.m. · 6 views

PT-2023-9801 · Asyncssh +3 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions 2.14.0 and earlier Description: The issue in AsyncSSH allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, also known as a "Rogue Session Attack." This can lea...

7.1 CVSS · 7 AI score · 0.93305 EPSS
Exploits 4 · References 51

Positive Technologies
added 2023/11/07 12:0 a.m. · 2 views

PT-2023-30473 · WordPress · Wpsolutions-Hq Wpdbspringclean

Name of the Vulnerable Software and Affected Versions: WPSolutions-HQ WPDBSpringClean plugin versions 1.6 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...

6.1 CVSS · 6.3 AI score · 0.00412 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/10/24 12:0 a.m. · 4 views

PT-2023-29823 · Emmanuel Georjon · Eg-Attachments

Name of the Vulnerable Software and Affected Versions: Emmanuel GEORJON EG-Attachments plugin versions = 2.1.3 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them ...

7.1 CVSS · 6.3 AI score · 0.00437 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/09/27 12:0 a.m. · 4 views

PT-2023-28025 · WordPress · Beplus Sermon'E – Sermons Online

Name of the Vulnerable Software and Affected Versions: Beplus Sermon'e – Sermons Online plugin version 1.0.0 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...

7.1 CVSS · 6.3 AI score · 0.00351 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/08/18 12:0 a.m. · 4 views

PT-2023-23616 · Fahad Mahmood · Fahad Mahmood Wp Docs

Name of the Vulnerable Software and Affected Versions: Fahad Mahmood WP Docs plugin versions prior to 1.9.9 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowi...

7.1 CVSS · 6.3 AI score · 0.00379 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/05/10 12:0 a.m. · 3 views

PT-2023-21142 · WordPress · Maui Marketing Update Image Tag Alt Attribute

Name of the Vulnerable Software and Affected Versions: Maui Marketing Update Image Tag Alt Attribute plugin versions = 2.4.5 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...

7.1 CVSS · 6.3 AI score · 0.00382 EPSS
Exploits 0 · References 3