Lucene search
+L

134 matches found

NVD
NVD
added 2024/03/24 7:15 p.m.16 views

CVE-2024-29194

OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the ismasteradmin key, stored in the local storage of the browser, can be manipulated by an attacker. By...

8.3CVSS8.2AI score0.00702EPSS
Exploits1References2
CVE
CVE
added 2024/03/24 7:4 p.m.67 views

CVE-2024-29194

OneUptime web application vulnerability: localStorage key is_master_admin can be changed from false to true, bypassing server-side checks and granting administrative privileges to a regular user. Root cause: improper validation of client-side stored data in the web app; privileges are controlled ...

8.3CVSS8.1AI score0.00702EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/03/06 10:58 a.m.13 views

BIT-MYBB-2022-43707

MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...

6AI score
Exploits0References2
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.5 views

Dell Secure Connect Gateway 跨站脚本漏洞

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. Dell Secure Connect Gateway suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in the Policy Manager that contains storage in the policy page. No detailed...

7.6CVSS6.1AI score0.00422EPSS
Exploits0References2
wpexploit
wpexploit
added 2024/02/20 12:0 a.m.126 views

Tabs Shortcode and Widget <= 1.17 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks otwshortcodetabslayout tabs="2"...

7.7AI score0.00431EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/18 8:7 p.m.22 views

CVE-2023-5348 Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users...

6.2AI score0.00531EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/11/06 12:0 a.m.173 views

WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS

Description The plugin does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks. curl https://example.com -H 'X-Forwarded-For: ' Then, as a high-privileged user, visit...

6.1CVSS6.1AI score0.0051EPSS
Exploits2
NVD
NVD
added 2023/10/02 9:15 a.m.19 views

CVE-2023-41859

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin = 1.2 versions...

5.9CVSS5.4AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2023/09/05 9:15 p.m.1 views

DEBIAN-CVE-2023-39515

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts an...

4.8CVSS6.8AI score0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/12 12:48 p.m.14 views

CVE-2023-38065

In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible...

4.6CVSS6AI score0.0104EPSS
Exploits0References1
Prion
Prion
added 2023/06/03 8:15 a.m.13 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9...

4.3CVSS8.1AI score0.00738EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/05/12 2:15 a.m.1 views

CVE-2023-28520

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454...

5.4CVSS5.8AI score0.0035EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 5:15 a.m.23 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

9.8CVSS9.8AI score0.0269EPSS
Exploits0References2
NVD
NVD
added 2023/04/10 2:15 p.m.19 views

CVE-2023-1120

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00442EPSS
Exploits2References1
Prion
Prion
added 2023/01/07 4:15 a.m.20 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository usememos/memos prior to 0.10.0...

6CVSS5.3AI score0.00645EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.36 views

MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

The plugin does not sanitize or escape page titles in the top posts/pages section, allowing an unauthenticated attacker to inject arbitrary web scripts into the titles by spoofing requests to google analytics. PoC 1. Open a WP page with the plugin and Google analytics installed and search for...

6.1CVSS6.1AI score0.01217EPSS
Exploits3Affected Software1
CNVD
CNVD
added 2022/11/24 12:0 a.m.21 views

MyBB MyCode Editor Cross-Site Scripting Vulnerability

MyBB MyBulletinBoard is a free and web-based forum software developed by MYBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in versions prior to mybb MyBB 1.8.32, which stems from a...

6.1CVSS6AI score0.00469EPSS
Exploits0References1
OSV
OSV
added 2022/11/22 12:15 a.m.4 views

CVE-2022-43707

MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...

6.1CVSS5.8AI score0.00469EPSS
Exploits0References2
Prion
Prion
added 2022/11/22 12:15 a.m.24 views

Cross site scripting

MyBB 1.8.31 has a Cross-site scripting XSS vulnerability in the visual MyCode editor SCEditor allows remote attackers to inject HTML via user input or stored data...

5.8CVSS6AI score0.00469EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/10/31 9:15 p.m.13 views

Cross site scripting

The application was vulnerable to an authenticated Stored Cross-Site Scripting XSS in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile...

6CVSS7.7AI score0.00621EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder