
92 matches found

CVE
added 2023/03/16 12:0 a.m. · 88 views

CVE-2023-22880

CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...

CVSS 7.5 · AI score 6.6 · EPSS 0.00983
Exploits: 0 · References: 1 · Affected Software: 3
SUSE CVE
added 2023/02/15 5:21 a.m. · 2 views

SUSE CVE-2015-1263

The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file...

CVSS 4.3 · AI score 9.3 · EPSS 0.00989
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 5:21 a.m. · 2 views

SUSE CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

CVSS 6.8 · AI score 9.5 · EPSS 0.01079
Exploits: 0 · References: 4
OSV
added 2023/02/14 10:43 p.m. · 3 views

MGASA-2023-0049 Updated phpmyadmin packages fix security vulnerability

Security fix for an XSS vulnerability in the drag-and-drop upload functionality PMASA-2023-01 Additional bugfixes including - issue 17506 Fix error when configuring 2FA without XMLWriter or Imagick issue 17519 Fix Export pages not working in certain conditions issue 17121 Fix passwordhash functio...

AI score 6.4
Exploits: 0 · References: 3
Positive Technologies
added 2023/02/14 12:0 a.m. · 5 views

PT-2023-36335 · Unknown · Phpmyadmin

Name of the Vulnerable Software and Affected Versions: phpMyAdmin affected versions not specified Description: The issue concerns a security fix for an XSS vulnerability in the drag-and-drop upload functionality. Additional bugfixes include resolving errors when configuring 2FA without XMLWriter ...

AI score 6.4
Exploits: 0 · References: 4
OSV
added 2022/08/06 5:46 a.m. · 3 views

GHSA-C558-5GFM-P2R8 JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting

Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...

CVSS 7.1 · AI score 6.6 · EPSS 0.00603
Exploits: 0 · References: 7
OSV
added 2022/08/01 8:30 p.m. · 22 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

CVSS 7.1 · AI score 6.2 · EPSS 0.00603
Exploits: 0 · References: 7
Vulnrichment
added 2022/08/01 8:30 p.m. · 6 views

CVE-2022-31191 Cross Site Scripting possible in DSpace JSPUI spellcheck and autocomplete tools

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

CVSS 7.1 · AI score 6.7 · EPSS 0.00603
Exploits: 0 · References: 5
Positive Technologies
added 2022/08/01 12:0 a.m. · 4 views

PT-2022-20600 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not...

CVSS 7.1 · AI score 6.2 · EPSS 0.00603
Exploits: 0 · References: 11
Metasploit
added 2021/10/12 5:42 p.m. · 450 views

Moodle Authenticated Spelling Binary RCE

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...

CVSS 9.1 · AI score 8.4 · EPSS 0.42566
Exploits: 12
Packet Storm
added 2021/10/12 12:0 a.m. · 345 views

Moodle SpellChecker Path Authenticated Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle SpellChecker Path Authenticated Remote Command Execution', 'Description' = %q Moodle allows an authenticated administrator to define...

CVSS 9.1 · AI score 0.5 · EPSS 0.42566
Exploits: 11
Packet Storm
added 2021/10/12 12:0 a.m. · 415 views

Moodle Authenticated Spelling Binary Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Moodle Authenticated Spelling Binary RCE', 'Description' = %q Moodle allows an authenticated user to define spellcheck...

CVSS 9.1 · AI score 0.4 · EPSS 0.42566
Exploits: 12
Hacker One
added 2019/10/16 10:11 p.m. · 19 views

U.S. Dept Of Defense: [HTA2] XXE on https://███ via SpellCheck Endpoint.

A full read XXE vulnerability was discovered on a website via the SpellCheck endpoint, allowing an attacker to read local files, make HTTP requests to internal applications and read the responses, steal NTLM hashes, and also completely deny service to the application...

AI score 6.8
Exploits: 0
Friends Of PHP
added 2019/05/23 12:0 a.m. · 7 views

EZSA-2019-003 XSS in eZFind spellcheck

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-003-xss-in-ezfind-spellcheck...

AI score 7.2
Exploits: 0 · Affected Software: 1
Kitploit
added 2018/06/07 10:10 p.m. · 75 views

AutoSQLi - An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap

An Automatic SQL Injection Tool Which Takes Advantage Of DorkNet Googler, Ddgr, WhatWaf And Sqlmap. Features Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool Dorking - from the command line one dork : YES - from a file: NO - from an...

AI score 8.4
Exploits: 0 · References: 2
Openbugbounty
added 2017/06/27 2:28 p.m. · 5 views

imyst.com XSS vulnerability

Vulnerable URL: http://www.imyst.com/ams/spellcheck/ASPSpellCheck.asp?fields=1/-///'/"//--...

AI score 6.9
Exploits: 0
Openbugbounty
added 2015/09/22 10:41 a.m. · 12 views

dictionary.cambridge.org XSS vulnerability

Vulnerable URL: http://dictionary.cambridge.org/us/spellcheck/english/?q=+ Details: Description| Value ---|--- Patched:| Yes, at 11.10.2015 Latest check for patch:| 11.10.2015 09:11 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

AI score 6.3
Exploits: 0
CNVD
added 2015/07/24 12:0 a.m. · 2 views

Google Chrome Spellcheck API Man-in-the-Middle Attack Vulnerability

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the implementation of the Spellcheck API in versions of Google Chrome prior to 44.0.2403.89, which stems from the program failing to download the Hunspell directory using an HTTPS...

CVSS 6.8 · AI score 8.8 · EPSS 0.01079
Exploits: 0 · References: 1
NVD
added 2015/07/23 12:59 a.m. · 21 views

CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

CVSS 6.8 · AI score 9.7 · EPSS 0.01079
Exploits: 0 · References: 9
UbuntuCve
added 2015/07/23 12:59 a.m. · 31 views

CVE-2015-1288

The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file, a related...

CVSS 6.8 · AI score 7.2 · EPSS 0.01079
Exploits: 0 · References: 2