Lucene search
K

255 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:2 a.m.8 views

CVE-2012-1608

The t3libdiv::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting XSS protection mechanism and inject arbitrary web script or HTML via non printable characters...

5CVSS5.8AI score0.02301EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/26 12:0 a.m.4 views

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

4.9CVSS5AI score0.00212EPSS
Exploits1References2
CVE
CVE
added 2025/04/26 12:0 a.m.61 views

CVE-2025-46655

CVE-2025-46655 affects CodiMD up to version 2.5.4. The issue is a bypass of the CSP-based XSS protection for SVG uploads when using cross-origin file storage (e.g., AWS S3) in configurations where the architecture cannot insert Content-Security-Policy headers. This can allow XSS in certain storag...

4.9CVSS6.1AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2025/04/26 12:0 a.m.66 views

CVE-2025-46654

CVE-2025-46654 affects CodiMD up to version 2.2.0, where a CSP-based XSS protection can be bypassed by uploading an HTML file that references an uploaded JavaScript file. Documented impact is cross-site scripting due to this bypass; the vulnerability applies to 2.2.0 and earlier. No exploit detai...

4.9CVSS6.1AI score0.00212EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/04/03 2:4 p.m.6 views

BIT-DOLIBARR-2020-13240

The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...

5.5CVSS5.6AI score0.00701EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2021-46900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value...

7.5CVSS7.2AI score0.00369EPSS
Exploits0References3
NVD
NVD
added 2024/07/25 8:15 p.m.31 views

CVE-2024-41808

The OpenObserve open-source observability platform provides the ability to filter logs in a dashboard by the values uploaded in a given log. However, all versions of the platform through 0.9.1 do not sanitize user input in the filter selection menu, which may result in complete account takeover. ...

8.8CVSS0.00528EPSS
Exploits1References1
CVE
CVE
added 2024/07/25 8:10 p.m.52 views

CVE-2024-41808

CVE-2024-41808 concerns the OpenObserve open‑source observability platform. Multiple connected sources confirm that versions through 0.9.1 do not sufficiently sanitize user input in the log filter selection menu, creating a path to a full account takeover when combined with insecure frontend auth...

8.8CVSS8.1AI score0.00528EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/02/01 3:24 p.m.28 views

CVE-2024-23645 GLPI reflected XSS in reports pages

GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12...

6.5CVSS6.1AI score0.00886EPSS
Exploits0References6
OSV
OSV
added 2023/12/31 5:15 a.m.3 views

DEBIAN-CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...

7.5CVSS7.2AI score0.00369EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/12/31 5:15 a.m.27 views

CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...

7.5CVSS7.1AI score0.00369EPSS
Exploits0References3
OSV
OSV
added 2023/12/31 5:15 a.m.1 views

UBUNTU-CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...

7.5CVSS7.1AI score0.00369EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/12/31 12:0 a.m.23 views

CVE-2021-46900

Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism...

7.5CVSS7.4AI score0.00369EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/30 12:0 a.m.6 views

PT-2023-12620 · Sympa +1 · Sympa +1

Name of the Vulnerable Software and Affected Versions: Sympa versions prior to 6.2.62 Description: The issue relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a sa...

7.5CVSS7.2AI score0.00369EPSS
Exploits0References17
Openbugbounty
Openbugbounty
added 2023/08/15 6:26 p.m.22 views

magnezyumanot.com Cross Site Scripting vulnerability OBB-3585733

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
FreeBSD
FreeBSD
added 2023/07/25 12:0 a.m.29 views

typo3 -- multiple vulnerabilities

TYPO3 reports: TYPO3-CORE-SA-2023-002: By-passing Cross-Site Scripting Protection in HTML Sanitizer TYPO3-CORE-SA-2023-003: Information Disclosure due to Out-of-scope Site Resolution TYPO3-CORE-SA-2023-004: Cross-Site Scripting in CKEditor4 WordCount Plugin...

6.1CVSS6.2AI score0.0088EPSS
Exploits0References1
NVD
NVD
added 2023/07/11 3:15 a.m.22 views

CVE-2023-33988

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

6.1CVSS6.2AI score0.00345EPSS
Exploits0References2
Prion
Prion
added 2023/07/11 3:15 a.m.21 views

Cross site scripting

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

5.8CVSS6.2AI score0.00345EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/07/11 2:26 a.m.17 views

CVE-2023-33988 Cross-Site Scripting vulnerability in SAP Enable Now

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

6.1CVSS6.8AI score0.00345EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/07/11 2:26 a.m.29 views

CVE-2023-33988 Cross-Site Scripting vulnerability in SAP Enable Now

In SAP Enable Now - versions WPBMANAGER 1.0, WPBMANAGERCE 10, WPBMANAGERHANA 10, ENABLENOWCONSUMPDEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in...

6.1CVSS6.4AI score0.00345EPSS
Exploits0References2
Rows per page
Query Builder