Lucene search
+L

72 matches found

Veracode
Veracode
added 2024/11/07 6:18 a.m.9 views

Cross-site Scripting (XSS)

baserCMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation in the blog post feature, allowing user-generated content to include malicious scripts...

6.3CVSS6.3AI score0.00303EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/09/13 9:49 a.m.9 views

Cross Site Scripting(XSS)

MindsDB is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the lack of proper sanitization or validation of user-generated content within the MindsDB platform. It allows an attacker to execute arbitrary JavaScript code in a user's browser by injecting it into the web UI throug...

9CVSS6.5AI score0.00473EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2024/05/15 9:53 a.m.18 views

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is caused due to a lack of proper input sanitization and encoding of user-generated content in the form module. Exploiting this flaw enables attackers to inject and execute malicious scripts...

5.4CVSS6.5AI score0.00502EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/04/08 8:9 a.m.30 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...

5.4CVSS5.8AI score0.00531EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/08 8:9 a.m.17 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...

5.4CVSS7.1AI score0.00531EPSS
Exploits0References4
CVE
CVE
added 2024/04/08 8:9 a.m.92 views

CVE-2024-23189

CVE-2024-23189 concerns Open-Xchange App Suite. A vulnerability arises from embedded content references in tasks that can temporarily execute script code in a user’s browser session. Exploitation would require user interaction or social engineering to import external content, and could enable mal...

5.4CVSS6.8AI score0.00531EPSS
Exploits0References5
NVD
NVD
added 2024/01/24 6:15 p.m.63 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS5.6AI score0.00564EPSS
Exploits0References2
OSV
OSV
added 2024/01/24 6:15 p.m.8 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.4CVSS5.8AI score0.00564EPSS
Exploits0References2
Prion
Prion
added 2024/01/24 6:15 p.m.26 views

Design/Logic Flaw

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4.9CVSS7.1AI score0.00564EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/24 5:52 p.m.53 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

6.1AI score0.00564EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/24 5:52 p.m.2 views

CVE-2024-23905

Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.9AI score0.00564EPSS
Exploits0References2
Veracode
Veracode
added 2023/11/23 8:34 a.m.13 views

Cross Site Scripting (XSS)

nautobot is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper usage of Django's marksafe API during the rendering of user-generated content, including personalized links, job buttons, and computed fields. This introduces a vulnerability that allows users with the abilit...

7.1CVSS6.5AI score0.00543EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2023/05/19 12:0 a.m.4 views

Acceptance of Extraneous Untrusted Data With Trusted Data

Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...

6.9CVSS7AI score
Exploits0References2
RubySec
RubySec
added 2023/04/20 12:0 a.m.28 views

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay

Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...

7.1CVSS6.5AI score0.0045EPSS
Exploits0References1Affected Software1
Malwarebytes
Malwarebytes
added 2023/02/17 3:30 p.m.19 views

Two Supreme Court cases could change the Internet as we know it

The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...

0.3AI score
Exploits0
NVD
NVD
added 2022/10/19 4:15 p.m.38 views

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4.3CVSS0.00542EPSS
Exploits0References2
OSV
OSV
added 2022/10/19 4:15 p.m.4 views

CVE-2022-43433

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4.3CVSS5.8AI score0.00511EPSS
Exploits0References2
Prion
Prion
added 2022/10/19 4:15 p.m.23 views

Design/Logic Flaw

Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5CVSS5.2AI score0.00639EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/10/19 4:15 p.m.25 views

Design/Logic Flaw

Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4CVSS4.6AI score0.00511EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.7 views

CVE-2022-43432

Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

4.6AI score0.00542EPSS
Exploits0References2
Rows per page
Query Builder