Lucene search
K

176 matches found

CNNVD
CNNVD
added 2023/09/30 12:0 a.m.5 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References3
NVD
NVD
added 2023/08/03 10:15 p.m.27 views

CVE-2023-20218

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ATAs could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...

6.1CVSS5.7AI score0.00368EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/06/30 12:0 a.m.352 views

Event Booking Calendar 1.8 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
OSV
OSV
added 2023/03/29 6:31 p.m.38 views

GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

7.1CVSS7AI score0.01025EPSS
Exploits0References9
OSV
OSV
added 2023/02/27 3:15 p.m.4 views

CVE-2022-45137

The configuration backend of the web-based management is vulnerable to reflected XSS Cross-Site Scripting attacks that targets the users browser. This leads to a limited impact of confidentiality and integrity but no impact of availability...

6.1CVSS5.8AI score0.00375EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.5 views

Micro Focus Operations Bridge Manager 跨站脚本漏洞

Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11, Micro Focus Micro Focus Operations Bridge- Containerized versions...

8CVSS5.8AI score0.00623EPSS
Exploits0References4
OSV
OSV
added 2022/05/13 1:1 a.m.3 views

GHSA-PGXV-H967-FW2Q Improper Neutralization of Input During Web Page Generation in Jenkins

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...

5.4CVSS7.1AI score0.00894EPSS
Exploits0References5
Prion
Prion
added 2022/04/25 1:15 p.m.19 views

Cross site scripting

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars...

4.3CVSS6.2AI score0.00628EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2022/04/14 12:0 a.m.248 views

Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting Vulnerability

enteliTouch XSS alertdocument.cookie" / input type="hidden" n...

7.4AI score
Exploits0
Prion
Prion
added 2022/03/16 3:15 p.m.12 views

Cross site scripting

A Cross-Site Scripting XSS attack can cause arbitrary code javascript to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...

3.5CVSS5.3AI score0.00567EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/03/10 5:42 p.m.16 views

Cross site scripting

A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin...

3.5CVSS5.4AI score0.01318EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/10/26 12:0 a.m.4 views

Nextcloud Talk 跨站脚本漏洞

Nextcloud Talk, a self-hosted local audio/video and chat communication service from Germany-based Nextcloud, is vulnerable to a cross-site scripting vulnerability that could be exploited by remote attackers to inject and execute arbitrary HTML and script code in the user's browser within the...

6.4CVSS5.7AI score0.01063EPSS
Exploits0References5
NVD
NVD
added 2021/10/05 10:15 p.m.15 views

CVE-2021-33849

A Cross-Site Scripting XSS attack can cause arbitrary code JavaScript to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...

5.4CVSS0.01044EPSS
Exploits1References2
Huntr
Huntr
added 2021/10/05 3:58 a.m.15 views

Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki

Description Cross-Site Scripting XSS attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execut...

5.2AI score
Exploits0References2
Huntr
Huntr
added 2021/08/13 2:52 p.m.10 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" 1 under "Search" menu then click "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...

1.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/06/29 12:0 a.m.5 views

The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from the lack of measures taken to protect the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser using ...

6.4CVSS6AI score0.01397EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2021/06/17 12:0 a.m.5 views

Ec-cube cross-site scripting vulnerability (CNVD-2021-46277)

Ec-cube is an open source e-commerce system of the Japanese company Ec-cube . Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...

6.1CVSS6.1AI score0.00754EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/09 12:0 a.m.8 views

Apache Superset Stored Cross-Site Scripting Vulnerability

Apache Superset up is an open source application from the Apache Foundation that provides a design for horizontal scaling in large distributed environments. A security vulnerability exists in Apache Superset 0.38.0 and earlier versions, which can be exploited by an attacker to inject javascript...

5.4CVSS6.8AI score0.86393EPSS
Exploits0References1
Veracode
Veracode
added 2021/02/17 3:47 a.m.7 views

Cross-Site Scripting (XSS)

@angular/core is vulnerable to cross-site scripting. An attacker is able to inject and execute arbitrary Javascript in a user's browser through SSR into a comment node...

2.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/02/10 5:1 a.m.5 views

Wekan vulnerable to cross-site scripting

Overview Wekan, open source kanban board system, is vulnerable to cross-site scripting CWE-79. This vulnerability is treated as one of multiple cross-site scripting vulnerabilities, named "Fieldbleed". Ryoya Koyama at Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

5.4CVSS6AI score0.00751EPSS
Exploits1References5
Rows per page
Query Builder