Lucene search
K

61 matches found

nvd
nvd
added 2024/05/14 3:42 p.m.14 views

CVE-2024-3792

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/DeviceReplication, execution range field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session dat...

4.8CVSS5AI score0.0047EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/15 2:14 p.m.10 views

CVE-2024-3795 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/BackupTemplate, name / description fields. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

4.8CVSS5.8AI score0.0038EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/15 2:13 p.m.15 views

CVE-2024-3794 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/AdvancedSystem, description field, all parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

4.8CVSS5.1AI score0.0038EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/15 2:13 p.m.15 views

CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...

4.8CVSS6AI score0.0038EPSS
Exploits0References1
cvelist
cvelist
added 2024/04/15 2:13 p.m.12 views

CVE-2024-3791 Cross-site Scripting vulnerability in WBSAirback

Vulnerability in WBSAirback 21.02.04, which consists of a stored Cross-Site Scripting XSS through /admin/SystemConfiguration, name / free memory limit fields , type / password parameters. Exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim an...

4.8CVSS5.3AI score0.0038EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/04/15 12:0 a.m.5 views

PT-2024-27822 · Unknown · Wbsairback

Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting XSS vulnerability. It occurs through the /admin/SystemConfiguration endpoint, specifically in the name and free memory limit fields, and the type and password...

4.8CVSS4.9AI score0.0038EPSS
Exploits0References4
osv
osv
added 2024/03/21 2:15 p.m.4 views

CVE-2024-29878

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

6.1CVSS5.8AI score0.00489EPSS
Exploits0References1
cve
cve
added 2024/03/21 1:51 p.m.68 views

CVE-2024-29878

Vulnerability: CVE-2024-29878 affects Sentrifugo 3.2. The XSS is in the description parameter of /sentrifugo/index.php/sitepreference/add. An attacker can craft a URL to execute arbitrary script in the victim’s browser and steal session data. Root cause: insufficient input validation/escaping for...

7.1CVSS6.3AI score0.00489EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/03/21 1:50 p.m.11 views

CVE-2024-29877 Cross-Site Scripting (XSS) vulnerability in Sentrifugo

Cross-Site Scripting XSS vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expensecategoryname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data...

7.1CVSS6.2AI score0.00502EPSS
Exploits0References1
hackerone
hackerone
added 2023/11/02 4:52 p.m.60 views

Node.js: HTTP Request Smuggling via Content Length Obfuscation

The team identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers could lead to HTTP request smuggling. Specifically, if a space was placed before a content-length header, it was not interpreted correctly, enabling attackers to smuggle in ...

6.5CVSS6.2AI score0.01155EPSS
Exploits0
osv
osv
added 2023/02/13 6:15 p.m.5 views

CVE-2023-23553

Control By Web X-400 devices are vulnerable to a cross-site scripting attack, which could result in private and session information being transferred to the attacker...

6.1CVSS5.7AI score0.00392EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/07/12 9:15 p.m.2 views

CVE-2022-35227

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

6.1CVSS6.1AI score0.00675EPSS
Exploits0References3Affected Software1
osv
osv
added 2022/07/12 9:15 p.m.3 views

CVE-2022-35227

A vulnerability in SAP NW EP WPC - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site XSS scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to...

6.1CVSS6.1AI score0.00675EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/06/08 12:0 a.m.6 views

SAP NetWeaver AS ABAP Business Server 跨站脚本漏洞

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver AS for ABAP, which can be exploited by an attacker ...

6.1CVSS5.3AI score0.00585EPSS
Exploits0References3
cnvd
cnvd
added 2020/10/21 12:0 a.m.5 views

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java versions 7.10,...

6.1CVSS6.1AI score0.00905EPSS
Exploits0References1
osv
osv
added 2020/10/15 2:15 a.m.4 views

CVE-2020-6319

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...

6.1CVSS6.6AI score0.00905EPSS
Exploits0References2
osv
osv
added 2020/09/09 1:15 p.m.7 views

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...

6.1CVSS5.9AI score0.00675EPSS
Exploits0References2
osv
osv
added 2018/09/21 4:29 p.m.6 views

CVE-2018-14688

An issue was discovered in Subsonic 6.1.1. The radio settings are affected by three stored cross-site scripting vulnerabilities in the namex, streamUrlx, homepageUrlx parameters where x is an integer to internetRadioSettings.view that could be used to steal session information of a victim...

6.1CVSS5.7AI score
Exploits0References1
attackerkb
attackerkb
added 2017/11/15 3:29 a.m.7 views

CVE-2017-11879

ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability"...

8.8CVSS5.5AI score0.09398EPSS
Exploits0References4Affected Software1
openvas
openvas
added 2009/03/06 12:0 a.m.23 views

RedHat Update for thunderbird RHSA-2008:0105-01

Check for the Version of thunderbird OpenVAS Vulnerability Test RedHat Update for thunderbird RHSA-2008:0105-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

9.3CVSS0.1AI score0.08633EPSS
Exploits3References2
Rows per page
Query Builder