Lucene search
K

46 matches found

Prion
Prion
added 2024/01/22 7:15 p.m.18 views

Design/Logic Flaw

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

5.8CVSS6.7AI score0.00283EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2024/01/22 7:15 p.m.23 views

Race condition

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

5.1CVSS7.8AI score0.00387EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 6:23 p.m.3 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2024/01/22 6:23 p.m.9 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS6.3AI score0.00283EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/22 6:23 p.m.4 views

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

7.5AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2023/11/07 7:4 p.m.73 views

CVE-2023-46244

CVE-2023-46244 relates to a privilege-escalation in XWiki Platform where a user with only script permissions could cause velocity content to execute with the right of another document author, potentially returning the title as the unmodified document but instead exposing the attacker to the prote...

9.1CVSS9AI score0.0079EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/09/30 11:15 p.m.2 views

CVE-2023-5112

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "specialstypename1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2023/09/30 10:15 p.m.5 views

CVE-2023-43723

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "ordersstatusname1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS6AI score0.00431EPSS
Exploits1References2
OSV
OSV
added 2023/09/30 10:15 p.m.4 views

CVE-2023-43727

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "stockindicationtext1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References2
Prion
Prion
added 2023/09/30 10:15 p.m.18 views

Cross site scripting

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "zonename" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

4.9CVSS5.3AI score0.00431EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/09/30 9:15 p.m.18 views

CVE-2023-43714

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "SKIPCARTPAGETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

5.4CVSS5.3AI score0.00431EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/09/30 12:0 a.m.5 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References3
CVE
CVE
added 2023/04/16 6:52 a.m.251 views

CVE-2023-29507

XWiki Commons vulnerability: the Document script API returns directly a DocumentAuthors object, letting an attacker set any document author and potentially affect rights checks. This is fixed by patching the API to a safe script API in XWiki 14.10 and 14.4.7. Affected context includes XWiki Commo...

9.1CVSS8.1AI score0.00899EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/03/02 6:44 p.m.71 views

CVE-2023-26056

CVE-2023-26056 affects XWiki Platform. Starting with 3.0-milestone-1, a script can be executed with the privileges of another user if the target user lacks programming rights. The issue is mitigated by patches in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. Connected advisories (GHSA-859X-P6JP-RC2W, os...

5.4CVSS5.5AI score0.00555EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2022/06/29 12:36 p.m.38 views

CVE-2022-34468

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS1.6AI score0.00937EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/24 5:23 p.m.20 views

Stored XSS vulnerability in Jenkins Deployer Framework Plugin

Deployer Framework Plugin is a framework plugin allowing other plugins to provide a way to deploy artifacts. Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page. This results in a stored cross-site scripting XSS vulnerability exploitable by users abl...

5.4CVSS4.9AI score0.00688EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2020/12/09 5:15 p.m.28 views

CVE-2020-26828

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload script on target...

6.4CVSS5.8AI score0.00778EPSS
Exploits0References2
NVD
NVD
added 2020/09/25 4:23 a.m.28 views

CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...

9.6CVSS0.01713EPSS
Exploits0References2
CNVD
CNVD
added 2020/06/10 12:0 a.m.12 views

Microsoft Office SharePoint Cross-Site Scripting Vulnerability (CNVD-2021-24038)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

5.4CVSS8AI score0.01526EPSS
Exploits0References1
Prion
Prion
added 2019/08/29 3:15 p.m.12 views

Design/Logic Flaw

IBM Cloud Automation Manager 3.1.2 could allow a malicious user on the client side with access to client computer to run a custom script. IBM X-Force ID: 158278...

3.6CVSS5AI score0.0032EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder