
237 matches found

OSV
added 2019/10/24 6:15 p.m., 2 views

DEBIAN-CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

CVSS: 8.8, AI score: 7.8, EPSS: 0.01115
Exploits: 6, References: 1

NVD
added 2019/03/27 6:29 p.m., 16 views

CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager SBM formerly Serena Business Manager SBM versions prior to 11.5...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00512
Exploits: 0, References: 1

Cvelist
added 2019/03/27 5:7 p.m., 17 views

CVE-2018-19644 Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5

Reflected cross site script issue in Micro Focus Solutions Business Manager SBM formerly Serena Business Manager SBM versions prior to 11.5...

CVSS: 5, AI score: 6.2, EPSS: 0.00512
Exploits: 0, References: 1

CVE
added 2019/03/27 5:7 p.m., 46 views

CVE-2018-19644

CVE-2018-19644 affects Micro Focus Solutions Business Manager (SBM, formerly Serena SBM) and SBM versions prior to 11.5. The connected documents describe a reflected cross-site scripting vulnerability that allows a remote attacker to inject arbitrary web script or HTML into SBM’s web context.

CVSS: 6.1, AI score: 5.9, EPSS: 0.00512
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2019/03/13 12:54 a.m., 28 views

Cross-Site Script Inclusion (XSSI)

Jupyter notebook is vulnerable to cross-site script inclusion XSSI. When a user is logged into the Jupyter server and visits an unauthorized website, the web resources from a known URL could be included in a page of that unauthorized website, causing malicious code to be executed in the victim's...

CVSS: 5.4, AI score: 5.5, EPSS: 0.01636
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2019/01/07 12:0 a.m., 18 views

Embed Video Scripts - Persistent Cross-Site Scripting

Embed Video Scripts - Persistent Cross-Site Scripting Exploit Title: Embed Video Scripts - Cross-site Script stored Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor...

AI score: 6.8
Exploits: 0

0day.today
added 2019/01/07 12:0 a.m., 20 views

Embed Video Scripts - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Embed Video Scripts - Cross-site Script stored Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me POC Video: https://youtu.be/2CFJLwkxpT8 Vendor Homepage: https://codeawesome.in/embed/...

Exploits: 0

Packet Storm
added 2018/12/31 12:0 a.m., 24 views

WebFairy Mediat 1.4.1 Cross Site Scripting

Exploit Title: Mediat 1.4.1 - Cross-site Script Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: http://webfairy.net/ Software Link: https://github.com/WebFairyNet/Mediat Demo Website:...

AI score: 7.4
Exploits: 0

Hacker One
added 2018/06/01 5:25 p.m., 28 views

Liberapay: Current CSP Policy chained with HTML Injection can lead to Data Exfiltration

Hi Team, Summary While reviewing the CSP headers for en.liberapay.com I noticed that img-src has a source set to which means any source on the internet. The following is found in the current CSP Header config. img-src blob: data: Description: If the site is vulnerable to HTML Injection its possib...

AI score: 0.3
Exploits: 0

Openbugbounty
added 2018/02/14 10:21 a.m., 18 views

inherentresolve.mil XSS vulnerability

Open Bug Bounty ID: OBB-559280

Description | Value
---|---
Affected Website: | inherentresolve.mil
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score: 6.3
Exploits: 0

NVD
added 2017/12/27 5:8 p.m., 17 views

CVE-2017-17894

Readymade Job Site Script has CSRF via the /job URI...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00505
Exploits: 1, References: 1

NVD
added 2017/12/27 5:8 p.m., 15 views

CVE-2017-17895

Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01161
Exploits: 1, References: 1

NVD
added 2017/12/27 5:8 p.m., 15 views

CVE-2017-17896

Readymade Job Site Script has XSS via the keyword parameter to the /job URI...

CVSS: 6.1, AI score: 6, EPSS: 0.00683
Exploits: 1, References: 1

Prion
added 2017/12/27 5:8 p.m., 15 views

Cross site request forgery (csrf)

Readymade Job Site Script has CSRF via the /job URI...

CVSS: 6.8, AI score: 8.7, EPSS: 0.00505
Exploits: 1, References: 1

Prion
added 2017/12/27 5:8 p.m., 9 views

Default credentials

Readymade Job Site Script has XSS via the keyword parameter to the /job URI...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00683
Exploits: 1, References: 1

CNVD
added 2017/12/25 12:0 a.m., 2 views

PHP Scripts Mall Readymade Job Site Script Cross-Site Scripting Vulnerability

PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site scripting vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A remote...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00683
Exploits: 1, References: 1

CNVD
added 2017/12/25 12:0 a.m., 3 views

PHP Scripts Mall Readymade Job Site Script Cross Site Request Forgery Vulnerability

PHP Scripts Mall Readymade Job Site Script is a PHP based job site script by PHP Scripts Mall India. The script includes features like job management, profile management and email notifications. A cross-site request forgery vulnerability exists in PHP Scripts Mall Readymade Job Site Script. A...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00505
Exploits: 1, References: 1

CVE
added 2017/12/24 6:0 p.m., 51 views

CVE-2017-17894

CVE-2017-17894 affects the Readymade Job Site Script, with a CSRF flaw exploitable via the /job URI. Public sources (NVD/NVD-derived records) assign a CVSS‑3 base score of 8.8 (HIGH) and CVSS‑2 of 6.8 (MEDIUM), indicating network access required with user interaction typically needed (UI: REQUIRE...

CVSS: 8.8, AI score: 8.7, EPSS: 0.00505
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2017/12/24 6:0 p.m., 50 views

CVE-2017-17896

CVE-2017-17896 affects Readymade Job Site Script with a cross-site scripting (XSS) vulnerability via the keyword parameter to the /job URI. The NVD entry reports a base score of 4.3 (CVSS2) and 6.1 (CVSS3), indicating that network access is required and user interaction is involved in a changed s...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00683
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/12/24 6:0 p.m., 21 views

CVE-2017-17895

Readymade Job Site Script has SQL Injection via the locationname array parameter to the /job URI...

AI score: 9.9, EPSS: 0.01161
Exploits: 1, References: 1