450 matches found

RedhatCVE
added 2025/05/22 3:14 a.m. · 4 views

CVE-2014-10394

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header...

CVSS 6.1 · AI score 7.3 · EPSS 0.00913
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 1:24 a.m. · 10 views

CVE-2017-11180

FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen...

CVSS 6.1 · AI score 5.8 · EPSS 0.00632
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 8:13 p.m. · 9 views

CVE-2008-0563

Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in...

CVSS 4.3 · AI score 7 · EPSS 0.00438
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/21 7:58 p.m. · 10 views

CVE-2008-0178

Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header...

CVSS 4.3 · AI score 5.5 · EPSS 0.0201
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/21 7:55 p.m. · 7 views

CVE-2008-7250

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

CVSS 4.3 · AI score 5.8 · EPSS 0.01553
Exploits: 0 · References: 1
RedhatCVE
added 2025/04/25 8:51 p.m. · 20 views

CVE-2025-2767

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...

CVSS 8.8 · AI score 7.5 · EPSS 0.00502
Exploits: 0 · References: 3
NVD
added 2025/04/23 5:16 p.m. · 34 views

CVE-2025-2767

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...

CVSS 9.6 · EPSS 0.00502
Exploits: 0 · References: 1
Vulnrichment
added 2025/04/23 4:51 p.m. · 7 views

CVE-2025-2767 Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...

CVSS 8.8 · AI score 7.4 · EPSS 0.00502
Exploits: 0 · References: 1
CVE
added 2025/04/23 4:51 p.m. · 70 views

CVE-2025-2767

CVE-2025-2767 affects Arista NG Firewall. The vulnerability is in the processing of the User-Agent HTTP header, due to lack of validation of user-supplied data, enabling injection of arbitrary script and remote code execution with root privileges. It requires minimal user interaction. Documents r...

CVSS 9.6 · AI score 7.4 · EPSS 0.00502
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/04/23 4:51 p.m. · 39 views

CVE-2025-2767 Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exist...

CVSS 8.8 · EPSS 0.00502
Exploits: 0 · References: 1
Zero Day Initiative
added 2025/03/25 12:0 a.m. · 38 views

(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack o...

CVSS 8.8 · AI score 7.5 · EPSS 0.00502
Exploits: 0
RedhatCVE
added 2025/02/05 11:58 p.m. · 14 views

CVE-2022-29169

BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5...

CVSS 7.5 · AI score 6.7 · EPSS 0.01449
Exploits: 0 · References: 1
Microsoft KB
added 2025/01/14 8:0 a.m. · 28 views

Description of the security update for SharePoint Server Subscription Edition: January 14, 2025 (KB5002676)

Description of the security update for SharePoint Server Subscription Edition: January 14, 2025 (KB5002676). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...

CVSS 7.8 · AI score 8 · EPSS 0.01742
Exploits: 0
Microsoft KB
added 2025/01/14 8:0 a.m. · 40 views

Description of the security update for SharePoint Server 2019: January 14, 2025 (KB5002666)

Description of the security update for SharePoint Server 2019: January 14, 2025 (KB5002666). Summary: This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities, see th...

CVSS 7.8 · AI score 7.4 · EPSS 0.01742
Exploits: 0
Veracode
added 2024/06/24 6:0 a.m. · 6 views

Session Hijacking

silverstripe/framework is vulnerable to Session Hijacking. The vulnerability is due to a malfunction in the security protection designed to detect changes in the User-Agent header, which allows an attacker to modify the header without invalidating the user session...

AI score 7
Exploits: 0
OSV
added 2024/05/27 8:35 p.m. · 5 views

GHSA-4QX8-J9VH-2628 silverstripe/framework's User-Agent header not correctly invalidating user session

A security protection device in Session designed to protect session hijacking was not correctly functioning. This function intended to protect user sessions by detecting changes in the User-Agent header, but modifications to this header were not correctly invalidating the user session...

CVSS 7.5 · AI score 7.1
Exploits: 0 · References: 5
OSV
added 2024/05/22 7:15 a.m. · 3 views

CVE-2024-1762

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTTP_USER_AGENT header in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS 6.1 · AI score 6
Exploits: 0 · References: 5
Positive Technologies
added 2024/05/22 12:0 a.m. · 5 views

PT-2024-18284 · WordPress · Nextscripts: Social Networks Auto-Poster

Name of the Vulnerable Software and Affected Versions: NextScripts: Social Networks Auto-Poster plugin for WordPress versions up to, and including, 4.4.3. Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

CVSS 6.1 · AI score 7.4 · EPSS 0.00389
Exploits: 0 · References: 8
CNNVD
added 2024/05/15 12:0 a.m. · 4 views

WordPress plugin Import and export users and customers security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Import...

CVSS 4.4 · AI score 5.8 · EPSS 0.00255
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/15 12:0 a.m. · 11 views

PT-2024-32042 · WordPress · Import/Export Users/Customers Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.26.6.1. Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with administrator...

CVSS 4.4 · AI score 6.8 · EPSS 0.00255
Exploits: 0 · References: 4