Lucene search

102 matches found

Positive Technologies
added 2023/05/04 12:0 a.m. · 5 views

PT-2023-22538 · Total.Js · Total.Js

Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9
Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to...

5.4 CVSS · 5.5 AI score · 0.00667 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/03/23 12:0 a.m. · 3 views

PT-2023-15191 · Blockonomics · Blockonomics Wordpress Bitcoin Payments

Name of the Vulnerable Software and Affected Versions: Blockonomics WordPress Bitcoin Payments – Blockonomics plugin versions = 3.5.7
Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially...

7.1 CVSS · 6 AI score · 0.0046 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/03/20 12:0 a.m. · 3 views

PT-2023-15415 · Unknown · Mickael Austoni Map Multi Marker

Name of the Vulnerable Software and Affected Versions: Mickael Austoni Map Multi Marker plugin versions = 3.2.1
Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially allowing them to steal user...

7.1 CVSS · 6.1 AI score · 0.00406 EPSS
Exploits 0 · References 4

Positive Technologies
added 2022/12/04 12:0 a.m. · 4 views

PT-2022-25644 · WordPress · 2Kb Amazon Affiliates Store Plugin

Name of the Vulnerable Software and Affected Versions: 2kb Amazon Affiliates Store plugin versions =2.1.5
Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability. This means an attacker can inject malicious scripts into a website, potentially stealing user data or taking...

6.1 CVSS · 6 AI score · 0.00392 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/11/10 4:2 p.m. · 22 views

Read the Docs vulnerable to Cross-Site Scripting (XSS)

Impact This vulnerability allowed a malicious user to serve arbitrary HTML files from the main application domain readthedocs.org/readthedocs.com by exploiting a vulnerability in the code that serves downloadable content from a project. Exploiting this would have required the attacker to get a...

0.3 AI score
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/10/17 2:15 p.m. · 25 views

CVE-2022-41542

devhub 0.102.0 was discovered to contain a broken session control...

5.4 CVSS · 0.00613 EPSS
Exploits 0 · References 4

OSV
added 2022/10/17 2:15 p.m. · 20 views

CVE-2022-41542

devhub 0.102.0 was discovered to contain a broken session control...

5.4 CVSS · 7.3 AI score · 0.00613 EPSS
Exploits 0 · References 4

Prion
added 2022/10/17 2:15 p.m. · 22 views

Design/Logic Flaw

devhub 0.102.0 was discovered to contain a broken session control...

5.5 CVSS · 5.6 AI score · 0.00613 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2022/10/17 12:0 a.m. · 5 views

CVE-2022-41542

devhub 0.102.0 was discovered to contain a broken session control...

7.5 AI score · 0.00613 EPSS
Exploits 0 · References 4

Cvelist
added 2022/10/17 12:0 a.m. · 28 views

CVE-2022-41542

devhub 0.102.0 was discovered to contain a broken session control...

5.8 AI score · 0.00613 EPSS
Exploits 0 · References 4

CNNVD
added 2022/10/17 12:0 a.m. · 3 views

DevHub Code Issue Vulnerability

DevHub is a desktop client for GitHub notifications and activity, from DevHub, Inc. A security vulnerability exists in DevHub version 0.102.0 that stems from a broken session control...

5.4 CVSS · 5.7 AI score · 0.00613 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/10/17 12:0 a.m. · 6 views

PT-2022-25927 · Devhub · Devhub

Name of the Vulnerable Software and Affected Versions: devhub version 0.102.0
Description: The issue is related to broken session control in the software.
Recommendations: For devhub version 0.102.0, at the moment, there is no information about a newer version that contains a fix for this...

5.4 CVSS · 5.2 AI score · 0.00613 EPSS
Exploits 0 · References 9

CVE
added 2022/10/17 12:0 a.m. · 57 views

CVE-2022-41542

CVE-2022-41542 affects devhub, specifically version 0.102.0, due to a broken session control. The CVE entry lists a Network attack vector with low privileges required and no user interaction, and a base score of 5.4 (Medium). Public references confirm the issue is tied to devhub 0.102.0 and descr...

5.4 CVSS · 5.5 AI score · 0.00613 EPSS
Exploits 0 · References 4 · Affected Software 1

FreeBSD
added 2022/04/19 12:0 a.m. · 21 views

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their...

5.4 CVSS · 0.9 AI score · 0.01015 EPSS
Exploits 1 · References 2

CNVD
added 2021/06/18 12:0 a.m. · 7 views

TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability

The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...

8.8 CVSS · 6.6 AI score · 0.00379 EPSS
Exploits 0 · References 1

Prion
added 2021/06/17 10:15 p.m. · 12 views

Design/Logic Flaw

In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated user were to interact with a malicious web page it could allow for a complete takeover of the route...

6.8 CVSS · 8.4 AI score · 0.00379 EPSS
Exploits 0 · References 1 · Affected Software 1

CVE
added 2021/06/17 9:49 p.m. · 68 views

CVE-2021-32424

The CVE-2021-32424 entry concerns TrendNet TW100-S4W1CA router, version 2.3.32. The vulnerability is a CSRF-style flaw arising from insufficient session controls, allowing an attacker to induce unauthorized router changes through a specially crafted web page. If an authenticated user visits a mal...

8.8 CVSS · 8.3 AI score · 0.00379 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2021/06/17 12:0 a.m. · 2 views

TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability

The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...

8.8 CVSS · 5.5 AI score · 0.00379 EPSS
Exploits 0 · References 2

RedhatCVE
added 2021/03/17 1:4 p.m. · 42 views

CVE-2019-3867

A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository.
Mitigation: Toggle FEATURE_PERMANENT_SESSIONS to False in quay.conf...

4.4 CVSS · 2.2 AI score · 0.00295 EPSS
Exploits 0 · References 3

Packet Storm
added 2020/07/13 12:0 a.m. · 232 views

User Registration And Login And User Management System 2.1 SQL Injection

Exploit Title: User Registration & Login and User Management System With admin panel - Authentication Bypass Date: 2020-07-04 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

7.4 AI score
Exploits 0