Lucene search
K

80 matches found

ATTACKERKB
ATTACKERKB
added 2023/04/24 6:15 p.m.2 views

CVE-2023-27990

The cross-site scripting XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50W firmware versions 4.16 through 5.35, USG20W-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through...

4.8CVSS5.8AI score0.00344EPSS
Exploits0References2Affected Software5
OSV
OSV
added 2023/02/07 2:15 a.m.4 views

CVE-2022-45441

A cross-site scripting XSS vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored...

6.1CVSS5.8AI score0.00353EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/06 12:0 a.m.5 views

PT-2023-1577 · Zyxel · Zyxel Nbg-418N

Name of the Vulnerable Software and Affected Versions: Zyxel NBG-418N v2 firmware versions prior to V1.00AARP.13C0 Description: A cross-site scripting XSS vulnerability exists in the Zyxel NBG-418N v2 firmware, which could allow an attacker to store malicious scripts in the Logs page of the GUI o...

8.2CVSS5.3AI score0.00353EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/29 12:0 a.m.1 views

PT-2022-28129 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing an attacker to inject...

8.6CVSS6.1AI score0.00601EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.31 views

Distributed Data Systems WebHmi 跨站脚本漏洞

Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used to monitor and control any automation system on a local network and over the Internet from computers and mobile devices. A cross-site scripting vulnerability exists in...

6.2CVSS4.9AI score0.00459EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/11 12:0 a.m.4 views

WordPress plugin Premio Chaty跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plug...

4.8CVSS5.1AI score0.00576EPSS
Exploits0References3
OSV
OSV
added 2022/04/04 4:15 p.m.2 views

CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues...

5.4CVSS6.1AI score0.00595EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/03/10 12:0 a.m.3 views

Secomea SiteManager 跨站脚本漏洞

Secomea SiteManager is a software application from the Danish company Secomea. It provides a remote maintenance function for industrial equipment. A cross-site scripting vulnerability exists in Secomea SiteManager Version 9.6.621421014 and earlier versions, which allows a user to store javascript...

6.5CVSS5.5AI score0.00556EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/10/08 12:0 a.m.2 views

webTareas 跨站脚本漏洞

webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas, which can be exploited by an attacker to store arbitrary web script or HTML by...

5.4CVSS5.9AI score0.00549EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.3 views

SAP ERP 跨站脚本漏洞

SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. A cross-site scripting vulnerability exists in SAP Cloud Connector version 2.0, which arises from a program that does not adequately encode user-controlled input, and can be exploited by an attacker with...

5.9CVSS5.3AI score0.0045EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.3 views

Opennms Group OpenNMS 跨站脚本漏洞

Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the U.S.-based OpenNMS Group Opennms Group. A cross-site scripting vulnerability exists in OpenNMS Horizon, which stems from versions OpenNMS -1-0-stable through OpenNMS -27.1.0-1;...

5.4CVSS5.6AI score0.00926EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.3 views

Opennms Group OpenNMS 跨站脚本漏洞

Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the US-based OpenNMS Group Opennms Group. A cross-site scripting vulnerability exists in OpenNMS Horizon and OpenNMS Meridian, which stems from the function add performing incorrect...

5.4CVSS5.7AI score0.0091EPSS
Exploits1References3
OSV
OSV
added 2020/08/12 2:15 p.m.2 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

9CVSS7.4AI score0.018EPSS
Exploits0References2
OSV
OSV
added 2020/05/05 4:15 p.m.1 views

CVE-2020-8799

A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin through 1.4.5 for WordPress. Once the administrator has submitted the data, the script stored is executed for all the users visiting the website...

4.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2019/10/23 1:15 p.m.15 views

CVE-2019-10474

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system...

4.3CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2019/10/23 12:45 p.m.9 views

CVE-2019-10474

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system...

4.4AI score0.00677EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2019/01/28 12:0 a.m.4 views

The vulnerability in the web interface of the Cisco Secure ACS control system allows a perpetrator to execute stored scripts across sites.

The vulnerability in the Cisco Secure ACS access control system’s web interface management interface is related to improper verification and the absence of encryption for user data. Exploiting this vulnerability allows a malicious actor to remotely execute stored scripts against the user’s web...

5.4CVSS6AI score0.00891EPSS
Exploits0References9Affected Software1
CNVD
CNVD
added 2018/12/21 12:0 a.m.3 views

BlackBerry Unified Endpoint Manager Cross-Site Scripting Vulnerability (CNVD-2019-39169)

BlackBerry Unified Endpoint Manager UEM is a unified endpoint management solution from BlackBerry Canada. The solution is used to manage endpoint devices and view their access. A security vulnerability exists in BlackBerry UEM. No information is currently available about this vulnerability, which...

4.8CVSS6.7AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 8:29 p.m.4 views

CVE-2018-8888

A stored cross-site scripting XSS vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator...

4.8CVSS5.7AI score0.00512EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2011/10/22 4:5 a.m.4 views

Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability

Metasploit 4.1.0 Web UI Cross Site Scripting vulnerability The Web UI in Metasploit version 4.1.0 suffers from a stored cross site scripting vulnerability discovered by "Stefan Schurtz ". Technical Details Login to Web UI - Create New Project - Project name - '"alertdocument.cookie...

5.9AI score
Exploits0
Rows per page
Query Builder