Lucene search
K

6 matches found

CNNVD
CNNVD
added 2024/05/27 12:0 a.m.2 views

WinNMP 跨站脚本漏洞

WinNMP is a WinNMP package for quickly setting up a development server. A cross-site scripting vulnerability exists in WinNMP version 19.02, which stems from susceptibility to cross-site scripting XSS attacks that could allow an attacker to send a specially crafted query to an authenticated user...

6.3CVSS5.7AI score0.00301EPSS
Exploits0References2
Prion
Prion
added 2021/09/08 5:15 p.m.14 views

Session fixation

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions...

5CVSS7.2AI score0.0112EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/07/06 12:15 p.m.4 views

CVE-2021-27930

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated or compromised user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers 1-click RCE...

5.4CVSS5.9AI score0.00637EPSS
Exploits1References2
Prion
Prion
added 2019/05/14 7:29 p.m.13 views

Race condition

An improper authentication vulnerability can be exploited through a race condition that occurs in Ellucian Banner Web Tailor 8.8.3, 8.8.4, and 8.9 and Banner Enterprise Identity Services 8.3, 8.3.1, 8.3.2, and 8.4, in conjunction with SSO Manager. This vulnerability allows remote attackers to ste...

6.8CVSS7.9AI score0.05858EPSS
Exploits1References6Affected Software2
CNVD
CNVD
added 2017/02/05 12:0 a.m.3 views

Honeywell XL Web II Controller Session Fixation Vulnerability

Honeywell XL Web Controller is a web-based SCADA system. A session fixation vulnerability exists in Honeywell XL Web II Controller, which can be exploited by an attacker to establish a new user session and steal authenticated sessions...

6.5CVSS6.8AI score0.01102EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2005/03/15 12:0 a.m.24 views

photopost50rc3.txt

PhotoPost 5.0RC3, All Enthusiast, Inc, multiple vulnerabilities March 05 2005 For your consideration. 1. BACKGROUND PhotoPost is a popular commercial image publishing software. Everyone loves showing off their photos! Add PhotoPost to your site, or let us install it for you, and your visitors wil...

7.4AI score
Exploits0
Rows per page
Query Builder