Lucene search
K

88 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:44 p.m.32 views

CVE-2024-8556

A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

6.1CVSS5.6AI score0.00389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:9 p.m.8 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7AI score0.00769EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:19 a.m.14 views

CVE-2024-8769

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS6.9AI score0.00849EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.69 views

GHSA-6MF6-7J75-2M6F AgentScope stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

6.1CVSS5.8AI score0.00389EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.18 views

Aim path traversal in LockManager.release_locks

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS6.9AI score0.00849EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.7 views

GHSA-HHW5-29F6-HF4X DB-GPT Absolute Path Traversal vulnerability

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS7.2AI score0.00769EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.6 views

CVE-2024-8556 Stored XSS in modelscope/agentscope

A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

6.1CVSS5.9AI score0.00389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/01/14 3:58 p.m.7 views

CVE-2025-23366

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...

6.5CVSS6.7AI score0.00426EPSS
Exploits0References3
Veracode
Veracode
added 2025/01/13 6:56 a.m.5 views

Cross-Site Scripting (XSS)

netcarver/textile is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...

6.5AI score
Exploits0
OSV
OSV
added 2024/11/29 9:31 p.m.14 views

GHSA-2GX6-QRPP-C4P3 Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

8.7CVSS7.5AI score0.00536EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/11/29 9:31 p.m.19 views

Ant-Media-Server vulnerable to Improper Output Neutralization for Logs

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be include...

7.5CVSS6.8AI score0.00536EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/11/29 8:15 p.m.22 views

CVE-2024-35371

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

7.5CVSS0.00536EPSS
Exploits0References3
CVE
CVE
added 2024/11/29 12:0 a.m.64 views

CVE-2024-35371

Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs due to insufficient input sanitization in the logging mechanism. User-controllable data can be included in log entries without restrictions, potentially exposing sensitive information. The CVE-2024-35371 entry, with a ...

7.5CVSS6.9AI score0.00536EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/29 12:0 a.m.22 views

CVE-2024-35371

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included...

0.00536EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/25 12:0 a.m.4 views

SvelteKit 跨站脚本漏洞

SvelteKit is an open source web development framework from Svelte. A cross-site scripting vulnerability exists in SvelteKit versions prior to 2.8.3, which stems from the presence of unpurified input data and user-controllable data flow in a particular file, making it susceptible to cross-site...

5.4CVSS8.6AI score0.00321EPSS
Exploits0References3
NVD
NVD
added 2024/08/29 10:15 p.m.34 views

CVE-2024-45302

RestSharp is a Simple REST and HTTP API Client for .NET. The second argument to RestRequest.AddHeader the header value is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. The way HTTP headers are added to a request is via the...

7.8CVSS0.00316EPSS
Exploits1References3
NVD
NVD
added 2024/05/14 3:39 p.m.10 views

CVE-2024-34698

FreeScout is a free, self-hosted help desk and shared mailbox. Versions of FreeScout prior to 1.8.139 contain a Prototype Pollution vulnerability in the /public/js/main.js source file. The Prototype Pollution arises because the getQueryParam Function recursively merges an object containing...

6.3CVSS4.8AI score0.00461EPSS
Exploits1References2
NVD
NVD
added 2024/05/06 12:15 p.m.15 views

CVE-2024-3576

The NPort 5100A Series firmware version v1.6 and prior versions are affected by web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...

8.3CVSS8AI score0.00381EPSS
Exploits0References1
CVE
CVE
added 2024/05/06 12:4 p.m.64 views

CVE-2024-3576

CVE-2024-3576 affects MOXA NPort 5100A Series firmware v1.6 and earlier. The root cause is failure to properly neutralize user-controllable input in the device’s web server output, enabling a cross-site scripting (XSS) condition. Impact per sources: potential disclosure of sensitive information a...

8.3CVSS6AI score0.00381EPSS
Exploits0References1
Veracode
Veracode
added 2023/12/26 10:53 p.m.27 views

Cross-site Scripting

gitlab:sid is vulnerable of cross site scripting. The vulnerability due to the manipulation with an unknown input in Jira integration configuration in GitLab CE/EE and does not neutralize user-controllable input before it is placed in output. It leads to cross site scripting by allow an attacker ...

8.7CVSS5.8AI score0.00557EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder