Lucene search
K

357 matches found

Vulnrichment
Vulnrichment
added 2025/04/03 1:27 p.m.5 views

CVE-2025-31582 WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashish Ajani Contact Form vCard Generator allows Stored XSS. This issue affects Contact Form vCard Generator: from n/a through 2.4...

7.1CVSS6.9AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/03 12:0 a.m.5 views

WordPress plugin Contact Form vCard Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

7.1CVSS6.8AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.5 views

PT-2025-14726 · Unknown · Ashish Ajani Contact Form Vcard Generator

Name of the Vulnerable Software and Affected Versions: Ashish Ajani Contact Form vCard Generator versions n/a through 2.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that ...

7.1CVSS7.1AI score0.00257EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.7 views

PT-2025-31669 · Alpine · Alpine Ilx-507

Name of the Vulnerable Software and Affected Versions: Alpine iLX-507 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected devices. User interaction is required, specifically the target must connect to a malicious Bluetoot...

7.7CVSS7.9AI score0.00266EPSS
Exploits0References5
NVD
NVD
added 2024/11/21 5:15 p.m.8 views

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

4.8CVSS0.00392EPSS
Exploits0References5
OSV
OSV
added 2024/11/21 5:15 p.m.4 views

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

4.8CVSS5.7AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/11/21 12:0 a.m.12 views

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

5.6AI score0.00392EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/21 12:0 a.m.12 views

CVE-2024-45513

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A stored Cross-Site Scripting XSS vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a...

0.00392EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/09/23 12:0 a.m.4 views

PT-2024-31672 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A stored Cross-Site Scripting XSS issue exists in the "/modern/contacts/print" endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code ...

4.8CVSS5.1AI score0.00392EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/08/30 12:0 a.m.4 views

SourceCodester Contact Manager with Export to VCF 跨站脚本漏洞

SourceCodester Contact Manager with Export to VCF is an open source contact manager from SourceCodester. A cross-site scripting vulnerability exists in SourceCodester Contact Manager with Export to VCF version 1.0, which stems from the parameter contactname in the file index.html that can lead to...

5.4CVSS4.4AI score0.00422EPSS
Exploits1References6
BDU FSTEC
BDU FSTEC
added 2024/01/25 12:0 a.m.6 views

The vulnerability of cloud-based software for creating and using NextCloud Server’s data storage system is related to lack of access control. This allows a malicious individual to modify or delete VCards from the system address book on the NextCloud server.

The vulnerability of the index.php component in the Enterprise Server software package, a cloud-based software for creating and managing data storage in NextCloud Server, is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker to remotely modify o...

8.5CVSS7.4AI score0.00805EPSS
Exploits0References3Affected Software2
Patchstack
Patchstack
added 2023/07/24 12:0 a.m.9 views

WordPress QR code MeCard/vCard generator Plugin <= 1.6.0 is vulnerable to Broken Access Control

Software QR code MeCard/vCard generator Type Plugin Vulnerable versions = 1.6.0 Fixed in 1.6.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-38477 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9f9bd59f2364 Credits Abdi Pranata...

6.5AI score0.00377EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/06/23 12:0 a.m.5 views

Nextcloud 访问控制错误漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in NextCloud Server that originates from allowing a malicious server to modify or delete VCard in the source...

8.1CVSS7.5AI score0.00805EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0988

Buffer overflow in the VCF file information reader for KDE Personal Information Management kdepim suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file...

7.5CVSS7.9AI score0.06151EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.3 views

SUSE CVE-2004-0903

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing...

10CVSS8.2AI score0.09748EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-2549

Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 full vCard data, 2 contact data from remote LDAP servers, or 3 task list data from remote servers...

7.5CVSS8AI score0.04426EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-2781

Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service hang and possibly execute arbitrary code via a VCard that contains invalid base64 characters...

6.4CVSS7.9AI score0.03315EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.5 views

SUSE CVE-2006-3474

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the 1 catid parameter to a gbrowse.php, 2 cardid parameter to b rating.php and c create.php, and the 3 eventid parameter to d search.php...

7.5CVSS8.9AI score0.01123EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:14 a.m.1 views

SUSE CVE-2006-3804

Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service crash via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow...

5CVSS7.2AI score0.03245EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.30 views

openSUSE Security Update : MozillaThunderbird (openSUSE-2021-93)

This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird 78.6.1 - changed: MailExtensions: browserAction, composeAction, and messageDisplayAction toolbar buttons now support label and defaultlabel properties bmo1583478 - fixed: Running a quicksearch that returned no...

8.8CVSS8.2AI score0.01304EPSS
Exploits0References2
Rows per page
Query Builder