Lucene search
K

97 matches found

NVD
NVD
added 2024/06/13 9:15 a.m.41 views

CVE-2024-34105

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS0.0067EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/13 9:4 a.m.25 views

CVE-2024-34105 Stored Cross Site Scripting in Order Comment

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS4.7AI score0.0067EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/13 9:4 a.m.27 views

CVE-2024-34105 Stored Cross Site Scripting in Order Comment

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser whe...

4.8CVSS0.0067EPSS
Exploits0References1
CVE
CVE
added 2024/06/13 9:4 a.m.122 views

CVE-2024-34105

CVE-2024-34105 concerns Adobe Commerce/Magento Open Source versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. The issue is a stored Cross-Site Scripting (XSS) in order form fields that an admin attacker can abuse to inject malicious scripts, which may execute in a victim’s browser when loa...

4.8CVSS4.6AI score0.0067EPSS
Exploits0References1Affected Software3
Github Security Blog
Github Security Blog
added 2024/02/15 3:30 p.m.12 views

Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...

9.1CVSS5.7AI score0.01307EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/02/15 3:30 p.m.9 views

GHSA-264G-F7V8-Q5QQ Magento Open Source allows Cross-Site Scripting (XSS)

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse...

9.4CVSS5.5AI score0.01307EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.3 views

CVE-2023-7074 WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF

The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.5AI score0.00329EPSS
Exploits2References2
OSV
OSV
added 2023/09/06 12:15 p.m.2 views

CVE-2023-4589

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital...

7.2CVSS5.8AI score
Exploits0References1
Veracode
Veracode
added 2023/06/30 12:43 p.m.26 views

Information Disclosure

flaskappbuilder is vulnerable to Information Disclosure. The vulnerability exists in the crud operator functions in interface.py due to log messages which are not properly sanitized during database errors, allowing an admin authenticated attacker to gain access to sensitive user information such ...

2.7CVSS6.7AI score0.00676EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/03/14 6:15 a.m.19 views

Directory traversal

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable...

5.5CVSS7.8AI score0.00982EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/01 12:30 p.m.26 views

CVE-2023-23692

Dell EMC prior to version DDOS 7.9 contains an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable...

8.8CVSS9.2AI score0.01569EPSS
Exploits0References1
OSV
OSV
added 2022/10/18 6:15 a.m.4 views

CVE-2022-39057

RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service...

7.2CVSS5.9AI score0.00686EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/14 12:0 a.m.7 views

PT-2022-5136 · Dell · Dell Wyse Thinos

Name of the Vulnerable Software and Affected Versions: Dell Wyse ThinOS version 2205 Description: The issue is related to the use of a regular expression with inefficient computational complexity in the UI of Dell Wyse ThinOS. This could allow a remote attacker to cause a denial-of-service. An...

6.8CVSS5.3AI score0.00595EPSS
Exploits0References4
NVD
NVD
added 2022/01/13 5:15 p.m.24 views

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

4.8CVSS0.00828EPSS
Exploits1References3
OSV
OSV
added 2022/01/13 5:15 p.m.23 views

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

4.8CVSS5.6AI score0.00828EPSS
Exploits1References3
Prion
Prion
added 2022/01/13 5:15 p.m.18 views

Cross site scripting

In Halo, versions v1.0.0 to v1.4.17 latest are vulnerable to Stored Cross-Site Scripting XSS in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server...

3.5CVSS4.8AI score0.00828EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2020/01/23 9:15 p.m.18 views

CVE-2019-19894

In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker non-admin can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\IXP\DATA\IXPAS.IXP...

5.5CVSS5.4AI score0.00299EPSS
Exploits1References1
Rows per page
Query Builder