237 matches found

CNNVD
added 2023/01/03 12:0 a.m. · 5 views

Nortek Control Linear eMerge E3-Series Cross-Site Scripting Vulnerability

The Nortek Control Linear eMerge E3-Series is an access control from Nortek Control USA. It allows you to specify which doors a person can use to enter and exit a specified location at a specified time. A security vulnerability exists in several versions of the Nortek Control Linear eMerge...

5.4 CVSS · 4.9 AI score · 0.00554 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/12/09 12:0 a.m. · 9 views

PT-2022-22113 · Yii2 Gii · Yii2 Gii

Name of the Vulnerable Software and Affected Versions: Yii2 Gii versions through 2.2.4 Description: The issue allows stored XSS by injecting a payload into any field. Some fields, such as Message Category in Model Generator, CRUD Generator or Form Generator, and Author Name in Extension Generator...

5.4 CVSS · 5.1 AI score · 0.00607 EPSS
Exploits 1 · References 8

BDU FSTEC
added 2022/12/02 12:0 a.m. · 5 views

The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

4.9 CVSS · 5.3 AI score · 0.00446 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/11/28 2:15 p.m. · 2 views

CVE-2022-3824

The WP Admin UI Customize WordPress plugin before 1.5.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2022/10/07 12:0 a.m. · 3 views

Bodhi Cross-Site Scripting Vulnerability

Bodhi is a web-based system used to manage the software update release process for Fedora. A security vulnerability exists in Bodhi version 5.6.1, which can be exploited by an attacker to perform cross-site scripting attacks...

6.1 CVSS · 6 AI score · 0.00395 EPSS
Exploits 0 · References 3

OSV
added 2022/08/30 9:26 a.m. · 4 views

USN-5585-1 jupyter-notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19351) It...

7.5 CVSS · 6.5 AI score · 0.01741 EPSS
Exploits 1 · References 9

Huntr
added 2022/05/31 7:14 p.m. · 6 views

Cross site script

Description: 1. Create a new recipe. 2. Edit this recipe and add this payload 3. Save the recipe and reload the recipe page...

0.9 AI score
Exploits 0

OSV
added 2022/05/17 2:49 a.m. · 26 views

GHSA-9XFC-J5MF-9W5P JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack...

6.1 CVSS · 6.1 AI score · 0.01315 EPSS
Exploits 0 · References 3

CVE
added 2021/11/24 8:25 a.m. · 52 views

CVE-2021-20843

The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...

5.4 CVSS · 5.2 AI score · 0.00671 EPSS
Exploits 0 · References 4 · Affected Software 1

OpenVAS
added 2021/11/11 12:0 a.m. · 20 views

Mozilla Firefox Security Advisory (MFSA2015-122) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

7.5 CVSS · 9.6 AI score · 0.03097 EPSS
Exploits 0 · References 3

NVD
added 2021/10/13 9:15 a.m. · 13 views

CVE-2021-20797

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

5.4 CVSS · 0.00588 EPSS
Exploits 0 · References 2

Prion
added 2021/10/13 9:15 a.m. · 15 views

Cross site scripting

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

3.5 CVSS · 5.8 AI score · 0.00588 EPSS
Exploits 0 · References 2 · Affected Software 1

CVE
added 2021/10/13 8:30 a.m. · 57 views

CVE-2021-20797

CVE-2021-20797 is a cross-site script inclusion vulnerability in the Cybozu Remote Service management UI (CWE-829) affecting Cybozu Remote Service versions around 3.1.8 (and 3.1.9 per related documentation). The issue allows a remote authenticated attacker to obtain information stored in the prod...

5.4 CVSS · 5.8 AI score · 0.00588 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/10/13 8:30 a.m. · 13 views

CVE-2021-20797

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

6.2 AI score · 0.00588 EPSS
Exploits 0 · References 2

Japan Vulnerability Notes
added 2021/09/30 12:0 a.m. · 78 views

JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...

8.8 CVSS · 7 AI score · 0.01468 EPSS
Exploits 0

Packet Storm
added 2021/09/03 12:0 a.m. · 195 views

jforum 2.7.0 Cross Site Scripting

hi, I found a vulnerability in the jforum 2.7.0. It is a storage cross site script vulnerability. The place is the user's profile - signature. The technique of the vulnerability is the same as that described in this article "STORED CROSS SITE SCRIPTING IN BBCODE"...

Exploits 0

NVD
added 2021/08/16 7:15 p.m. · 25 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.1 CVSS · 0.00848 EPSS
Exploits 0 · References 1

Cvelist
added 2021/08/16 6:38 p.m. · 25 views

CVE-2021-22936

A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter...

6.4 AI score · 0.00848 EPSS
Exploits 0 · References 1

CNNVD
added 2021/08/02 12:0 a.m. · 5 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4 CVSS · 5.4 AI score · 0.00547 EPSS
Exploits 1 · References 1

NVD
added 2021/07/13 6:15 p.m. · 15 views

CVE-2021-36214

LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView...

6.1 CVSS · 0.00724 EPSS
Exploits 0 · References 1