Lucene search
+L

47 matches found

OSV
OSV
added 2024/04/17 9:15 p.m.4 views

CVE-2024-32345

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...

7.2CVSS5.9AI score0.00456EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.13 views

CVE-2024-32344

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

5.8AI score0.00528EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.5 views

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...

6.8CVSS5.8AI score0.00528EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.7 views

PT-2024-24523 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

6.8CVSS6AI score0.00528EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.6 views

CMSimple 安全漏洞

CMSimple is a free content management system. A security vulnerability exists in CMSimple v5.15, which stems from a cross-site scripting XSS vulnerability in the Settings menu. An attacker can exploit this vulnerability to execute arbitrary web script or HTML code by injecting a payload into the...

7.2CVSS5.8AI score0.00456EPSS
Exploits1References2
CVE
CVE
added 2024/04/17 12:0 a.m.54 views

CVE-2024-32344

CMSimple v5.15 is affected by an XSS in the Settings menu, via crafted input in the Language section Edit parameter. The vulnerability arises from insufficient filtering/escaping of user-supplied data in that parameter, enabling arbitrary script/HTML execution. In-the-wild details are not provide...

6.8CVSS5.8AI score0.00528EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.6 views

PT-2024-24524 · Cmsimple · Cmsimple

Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15 Description: A cross-site scripting XSS vulnerability in the Settings menu allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language...

7.2CVSS6AI score0.00456EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.4 views

WonderCMS 安全漏洞

WonderCMS is an open source PHP-based content management system CMS. A cross-site scripting vulnerability exists in WonderCMS v3.4.3, which stems from the lack of effective filtering and escaping of user-supplied data in the MENU parameter of the Settings section, and can be exploited by an...

4.6CVSS6.2AI score0.00454EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/17 12:0 a.m.15 views

CVE-2024-32345

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Configuration parameter under the Language section...

5.8AI score0.00456EPSS
Exploits1References1
CVE
CVE
added 2024/04/17 12:0 a.m.64 views

CVE-2024-32345

CMSimple v5.15 is affected by a cross-site scripting (XSS) vulnerability in the Settings menu, specifically via the Configuration parameter under Language. The underlying issue is insufficient filtering/escaping of user-supplied data in that parameter, enabling attackers to inject arbitrary web s...

7.2CVSS5.8AI score0.00456EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/10/20 10:15 p.m.32 views

CVE-2023-43356

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...

5.4CVSS5.6AI score0.00461EPSS
Exploits1References1
OSV
OSV
added 2023/10/20 10:15 p.m.7 views

CVE-2023-43356

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...

5.4CVSS6.1AI score0.00461EPSS
Exploits1References1
Prion
Prion
added 2023/10/20 10:15 p.m.23 views

Cross site scripting

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...

4.9CVSS5.6AI score0.00461EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/20 12:0 a.m.8 views

PT-2023-28801 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMSmadesimple version 2.2.18 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. This enables the attacker t...

5.4CVSS5.6AI score0.00461EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/10/20 12:0 a.m.32 views

CVE-2023-43356

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component...

6.4AI score0.00461EPSS
Exploits1References1
Kaspersky
Kaspersky
added 2023/10/20 12:0 a.m.30 views

KLA61540 OSI vulnerability in Microsoft Browser

An information disclosure vulnerability was found in Microsoft Browser. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2023-36409 Related products Microsoft-Edge CVE list CVE-2023-36409 high KB list Solution Install necessary updates from t...

6.5CVSS6.4AI score0.00906EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/09/28 10:15 p.m.43 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS6.8AI score0.00641EPSS
Exploits0References4
Prion
Prion
added 2022/09/28 10:15 p.m.23 views

Cross site request forgery (csrf)

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

2.6CVSS5.5AI score0.00641EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/09/28 12:0 a.m.18 views

CVE-2022-39264 nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS7AI score0.00641EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2022/09/28 12:0 a.m.72 views

CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS6AI score0.00641EPSS
Exploits0
Rows per page
Query Builder