CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

341 matches found

Github Security Blog•added 2023/07/06 3:30 p.m.•7 views

@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability

Impact Vendure provides an authorization system with different levels of privileges. For example, an administrator cannot create another administrator. In the admin UI, there are a couple of places with description inputs, such as inventory/collection catalog, shipping methods, promotions, and...

6.8AI score

Exploits0References4Affected Software1

Positive Technologies•added 2023/07/06 12:0 a.m.•3 views

PT-2023-33019 · Vendure · Vendure

Name of the Vulnerable Software and Affected Versions: Vendure affected versions not specified Description: The issue concerns an authorization system with different levels of privileges. In the admin UI, certain description inputs, such as those for inventory, collection catalog, shipping method...

5.6AI score

Exploits0References5

Rapid7 Blog•added 2023/03/31 3:44 p.m.•63 views

What’s New in InsightVM and Nexpose: Q1 2023 in Review

In Q1, our team continued to focus on driving better customer outcomes with InsightVM and Nexpose by further improving efficiency and performance. While many of these updates are under the hood, you may have started to notice faster vulnerability checks available for the recent ETRs or an upgrade...

5.8CVSS9.5AI score0.99999EPSS

Exploits58

F5 Networks•added 2023/02/21 7:41 p.m.•14 views

K7147: Execution of UNIX shell commands from the URL in the Admin UI

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

6.7AI score

Exploits0

F5 Networks•added 2023/02/21 6:27 p.m.•22 views

K7397: Download of local FirePass files using the URL in Webtop or the Admin UI

Security Advisory Description Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...

6.5AI score

Exploits0

Prion•added 2023/01/04 5:15 p.m.•17 views

Design/Logic Flaw

Discourse Mermaid discourse-mermaid-theme-component allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been...

4.9CVSS5.5AI score0.0047EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/01/04 4:44 p.m.•29 views

CVE-2022-46180 Arbitrary HTML injection in discourse-mermaid-theme-component

5CVSS5.7AI score0.0047EPSS

Exploits0References3

Vulnrichment•added 2023/01/04 4:44 p.m.•3 views

CVE-2022-46180 Arbitrary HTML injection in discourse-mermaid-theme-component

5CVSS5.5AI score0.0047EPSS

Exploits0References3

OSV•added 2023/01/04 4:44 p.m.•21 views

CVE-2022-46180 Arbitrary HTML injection in discourse-mermaid-theme-component

5CVSS5.5AI score0.0047EPSS

Exploits0References5

OSV•added 2022/12/27 11:15 p.m.•11 views

CVE-2021-4291

A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated...

6.1CVSS6.4AI score

Exploits0References5

NVD•added 2022/12/27 11:15 p.m.•16 views

CVE-2020-36636

A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup...

6.1CVSS0.00926EPSS

Exploits0References5

NVD•added 2022/12/27 11:15 p.m.•15 views

CVE-2021-4291

6.1CVSS0.00903EPSS

Exploits0References5

NVD•added 2022/12/27 11:15 p.m.•19 views

CVE-2021-4292

A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It has been rated as problematic. This issue affects some unknown processing of the file omod/src/main/webapp/pages/metadata/privileges/privilege.gsp of the component Manage Privilege Page. The manipulation leads to cross site...

6.1CVSS0.00903EPSS

Exploits0References5

OSV•added 2022/12/27 11:15 p.m.•12 views

CVE-2021-4292

6.1CVSS6.2AI score

Exploits0References5

OSV•added 2022/12/27 11:15 p.m.•13 views

CVE-2020-36636

6.1CVSS6.2AI score

Exploits0References5

Prion•added 2022/12/27 11:15 p.m.•20 views

Cross site scripting

5.8CVSS6.1AI score0.00926EPSS

Exploits0References5Affected Software1

Prion•added 2022/12/27 11:15 p.m.•13 views

Cross site scripting

5.8CVSS6.2AI score0.00903EPSS

Exploits0References5Affected Software1

Prion•added 2022/12/27 11:15 p.m.•16 views

Cross site scripting

5.8CVSS6.1AI score0.00903EPSS

Exploits0References5Affected Software1

Cvelist•added 2022/12/27 10:59 p.m.•25 views

CVE-2020-36636 OpenMRS Admin UI Module Account Setup AccountPageController.java sendErrorMessage cross site scripting

3.5CVSS6.1AI score0.00926EPSS

Exploits0References5

CVE•added 2022/12/27 10:59 p.m.•43 views

CVE-2020-36636

OpenMRS Admin UI Module (up to 1.4.x) is affected by a cross-site scripting vulnerability in the sendErrorMessage function of AccountPageController.java (Account Setup Handler). The issue can be exploited remotely. Upgrading to version 1.5.0 fixes the vulnerability (patch 702fbfdac7c4418f23bb5f64...

6.1CVSS4.8AI score0.00926EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by