2007 matches found

Veracode · added 2023/05/29 2:46 a.m.

Cross-site Scripting (XSS)

SSCMS is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because of improper sanitization of the ajaxDivId argument in the Submit function of ActionsSearchController.Submit.cs, which allows an attacker to inject and execute malicious JavaScript through the...

CVSS 6.1 · AI score 6.6 · EPSS 0.00561
Exploits 1 · References 4 · Affected software 1
Positive Technologies · added 2023/05/24 12:00 a.m.

PT-2023-24495 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1
Description: A stored cross-site scripting (XSS) issue exists in the Create Site Groups function, specifically at the /dcim/site-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting...

CVSS 5.4 · AI score 5.4 · EPSS 0.00394
Exploits 1 · References 3
Packet Storm · added 2023/05/22 12:00 a.m.

eBankIT 6 Arbitrary OTP Generation

CVE-2023-33291
Description: In eBankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any email address or phone number without validation.
Additional Information: The cookies in the...

AI score 7.1 · EPSS 0.00889
Exploits 1
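The eBankIT entry above describes a public OTP endpoint that accepts the destination address from the request and sends to it without any validation, which turns the bank's messaging gateway into a free SMS/email cannon and leaks nothing about who is asking. The Python below is an added illustration of that defect class, not eBankIT's code or its fix: a handler in the vulnerable shape beside a hardened service that requires an authenticated session, sends only to the contact on file for that account, and rate-limits per account. The account store, the gateway stand-in and the rate-limit figures are constructed for the example.

```python
import secrets
from collections import defaultdict, deque

# Constructed sample account store for this example; not eBankIT's data model.
ACCOUNTS = {
    "alice": {"email": "alice@example.test", "sms": "+15550100"},
}


class RecordingGateway:
    """Stand-in for an email/SMS provider: records what would have been sent."""

    def __init__(self):
        self.sent = []  # (channel, destination, code)

    def send(self, channel, destination, code):
        self.sent.append((channel, destination, code))


def generate_otp_vulnerable(gateway, channel, destination):
    """Shape described in the advisory: no authentication, and the destination
    comes straight from the request, so anyone can make the gateway message
    any address or phone number."""
    code = f"{secrets.randbelow(10**6):06d}"
    gateway.send(channel, destination, code)
    return {"status": "sent", "to": destination}


class OtpService:
    """Hardened variant (an assumed design, not the vendor's fix): the caller
    must be authenticated, the destination is looked up from the account on
    file, never taken from the request, and issuance is rate-limited per
    account over a sliding window."""

    def __init__(self, gateway, limit=3, window_seconds=300):
        self.gateway = gateway
        self.limit = limit
        self.window = window_seconds
        self._issued = defaultdict(deque)  # account -> timestamps of recent OTPs

    def generate(self, session_user, channel, now):
        if session_user is None or session_user not in ACCOUNTS:
            raise PermissionError("authentication required")
        if channel not in ("email", "sms"):
            raise ValueError("unknown channel")
        recent = self._issued[session_user]
        # Drop timestamps that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.limit:
            raise RuntimeError("rate limit exceeded")
        destination = ACCOUNTS[session_user][channel]  # never from the request
        code = f"{secrets.randbelow(10**6):06d}"
        self.gateway.send(channel, destination, code)
        recent.append(now)
        return {"status": "sent", "to": destination}
```

The two properties worth checking in a review of any OTP endpoint are visible in the second class: the request body carries no destination field at all, and the limiter is keyed on the account rather than on the (spoofable) client address.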
OSV · added 2023/05/11 8:37 p.m.

GHSA-HQXW-F8MX-CPMW distribution catalog API endpoint can lead to OOM via malicious user input

Impact: Systems running distribution built after a specific commit in memory-restricted environments can suffer denial of service from a crafted malicious request to the /v2/catalog API endpoint.
Patches: Upgrade to at least 2.8.2-beta.1 if you are running a v2.8.x release. If you use the code...

CVSS 7.5 · AI score 6.7 · EPSS 0.00938
Exploits 0 · References 6
Github Security Blog · added 2023/05/11 8:37 p.m.

distribution catalog API endpoint can lead to OOM via malicious user input

Impact: Systems running distribution built after a specific commit in memory-restricted environments can suffer denial of service from a crafted malicious request to the /v2/catalog API endpoint.
Patches: Upgrade to at least 2.8.2-beta.1 if you are running a v2.8.x release. If you use the code...

CVSS 6.5 · AI score 6.4 · EPSS 0.00938
Exploits 0 · References 6 · Affected software 1
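The two distribution entries above describe an out-of-memory condition triggered by a crafted catalog request. The registry catalog endpoint is paginated through a client-supplied `n` parameter, and the upstream advisory's root cause is that an unreasonably large `n` was used directly as an allocation size. The Python below is an added illustration of that defect class and is not distribution's own code (the project is written in Go): a page-size parser that trusts `n` beside one that rejects malformed values and caps the size, plus a minimal paged listing that resumes after a `last` marker. The cap and the repository names are constructed for the example.

```python
import bisect

DEFAULT_CATALOG_ENTRIES = 100
MAX_CATALOG_ENTRIES = 1000  # assumed cap for this example


def catalog_page_size_vulnerable(query):
    """Pattern that leads to OOM: the client-supplied n is returned as-is and
    would be used as the allocation size for the result page."""
    return int(query.get("n", DEFAULT_CATALOG_ENTRIES))


def catalog_page_size(query):
    """Bounded variant: n must parse as a non-negative integer and is capped.
    Anything else is a client error, not a server allocation."""
    raw = query.get("n")
    if raw is None:
        return DEFAULT_CATALOG_ENTRIES
    try:
        n = int(raw)
    except (TypeError, ValueError):
        raise ValueError("n must be an integer")
    if n < 0:
        raise ValueError("n must be non-negative")
    return min(n, MAX_CATALOG_ENTRIES)


def list_repositories(all_repos, query):
    """Serve one page of the catalog, sorted by name, resuming after `last`.
    Returns (page, next_last); next_last is None on the final page, otherwise
    it is the value the client should send as `last` for the next page."""
    n = catalog_page_size(query)
    names = sorted(all_repos)
    last = query.get("last", "")
    start = bisect.bisect_right(names, last) if last else 0
    page = names[start:start + n]
    more = start + n < len(names)
    next_last = page[-1] if (more and page) else None
    return page, next_last
```

Because the page is sliced from an already-materialised sorted list, the only allocation that scales with `n` is the page itself, and `n` can no longer exceed the cap; a client asking for ten billion entries gets a thousand and a continuation marker.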
Prion · added 2023/05/09 11:15 p.m.

Information disclosure

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

CVSS 5 · AI score 7.5 · EPSS 0.29699
Exploits 1 · References 2 · Affected software 32
Cvelist · added 2023/05/09 12:00 a.m.

CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

AI score 7.7 · EPSS 0.29699
Exploits 1 · References 2
Positive Technologies · added 2023/05/09 12:00 a.m.

PT-2023-23357 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216
Description: An issue was discovered that reveals information about the Wi-Fi configuration, including the SSID and key, through an API endpoint.
Recommendations: For versions prior to 3.216, update to...

CVSS 7.5 · AI score 7.8 · EPSS 0.29699
Exploits 1 · References 5
Vulnrichment · added 2023/05/09 12:00 a.m.

CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

AI score 7.5 · EPSS 0.29699
Exploits 1 · References 2
Vulnrichment · added 2023/05/08 10:56 p.m.

CVE-2023-22813 Device API endpoint missing access controls on Western Digital Mobile and Web Apps

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS 3.3 · AI score 4.5 · EPSS 0.00455
Exploits 0 · References 1
Cvelist · added 2023/05/08 10:56 p.m.

CVE-2023-22813 Device API endpoint missing access controls on Western Digital Mobile and Web Apps

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS 3.3 · AI score 4.8 · EPSS 0.00455
Exploits 0 · References 1
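The two Western Digital entries above attribute the missing access control to a permissive CORS policy. The damaging combination is an `Access-Control-Allow-Origin` header that reflects whatever `Origin` the browser sent together with `Access-Control-Allow-Credentials: true`: any page the victim visits can then call the device API with the victim's cookies and read the response. The Python below is an added illustration of that pattern and its allow-list fix; it is not Western Digital's code, and the allowed origin is constructed for the example. The third function models the browser's own check so the difference is testable offline.

```python
from urllib.parse import urlsplit

ALLOWED_ORIGINS = frozenset({"https://app.example.test"})  # assumed allow-list


def cors_headers_permissive(origin):
    """Permissive pattern: the request's Origin is reflected and credentials
    are allowed, so every site on the web is effectively trusted."""
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def cors_headers(origin, allowed=ALLOWED_ORIGINS):
    """Allow-list by exact origin. Absent, "null" (sandboxed frames, file://)
    and unknown origins get no CORS headers at all, so the browser refuses to
    hand the response to the page. Exact matching avoids the classic prefix
    and suffix bugs (e.g. app.example.test.evil.example)."""
    if origin is None or origin == "null":
        return {}
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc or parts.path or parts.query or parts.fragment:
        return {}
    if origin not in allowed:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # responses differ per origin; keep caches from mixing them
    }


def browser_permits_credentialed_read(response_headers, page_origin):
    """Model of the browser-side rule for a credentialed cross-origin fetch:
    the response must name the page's exact origin and allow credentials."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    acac = response_headers.get("Access-Control-Allow-Credentials")
    return acao == page_origin and acac == "true"
```

A quick way to test a live endpoint for the permissive pattern is to send a request with an arbitrary `Origin` header and look for that same value echoed in `Access-Control-Allow-Origin` alongside `Access-Control-Allow-Credentials: true`.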
WPVulnDB · added 2023/05/08 12:00 a.m.

HollerBox < 2.1.4 - Admin+ SQL Injection

The plugin concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in a multi-site configuration to leak sensitive information from the site's database.
PoC: 1. Log in as admin. 2. Make sure HollerBox is installed and...

CVSS 4.9 · AI score 9 · EPSS 0.00752
Exploits 2 · Affected software 1
Huntr · added 2023/04/29 1:51 p.m.

Stored XSS and CSP Bypass in KiwiTCMS

Description: Stored XSS, also known as persistent XSS, is the more damaging form of XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Due to a sanitization problem it is possible to perform a Stored XSS. The problem is that the upload function permits...

AI score 6.2
Exploits 0
OSV · added 2023/04/27 5:11 p.m.

GHSA-JWG4-QCGV-5WG6 SQL Injection in Admin Translations API

Impact: SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

CVSS 8.8 · AI score 8.9 · EPSS 0.00791
Exploits 0 · References 6
OSV · added 2023/04/27 5:10 p.m.

GHSA-XMG8-W465-MR56 SQL Injection in Translation Export API

Impact: SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

CVSS 8.8 · AI score 8.9 · EPSS 0.00791
Exploits 0 · References 6
OSV · added 2023/04/27 5:09 p.m.

GHSA-6MHM-GCPF-5GR8 SQL Injection in Admin Search Find API

Impact: SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any...

CVSS 8.8 · AI score 8.9 · EPSS 0.00724
Exploits 0 · References 6
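The HollerBox entry and the three GHSA entries above all describe the same defect: user input concatenated into SQL text, with the reward being data from tables the endpoint was never meant to expose. The Python below is one added example serving all four, written against an in-memory SQLite database with constructed tables; it is not the code of any of those projects. The vulnerable function has the concatenation shape the advisories describe and is kept exploitable on purpose; the hardened one validates the parameter against the type the column expects and binds it, so the same payload is rejected before any SQL is built.

```python
import sqlite3


def make_db():
    """Constructed fixture: a per-site report table, plus a table the report
    endpoint should never be able to read from."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE popup_stats (site_id INTEGER, popup TEXT, conversions INTEGER);
        INSERT INTO popup_stats VALUES (1, 'welcome', 42), (1, 'exit', 7), (2, 'welcome', 3);
        CREATE TABLE wp_users (user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES ('admin', 'constructed-hash-not-real');
        """
    )
    return conn


# Payload in the shape the advisories imply: the integer is followed by a
# UNION that pulls two columns from an unrelated table.
INJECTION = "1 UNION SELECT user_login, user_pass FROM wp_users"


def report_vulnerable(conn, site_id):
    """The advisories' pattern: the parameter is pasted into the SQL text, so
    the database parses attacker-controlled syntax."""
    sql = (
        "SELECT popup, conversions FROM popup_stats "
        f"WHERE site_id = {site_id} ORDER BY conversions DESC"
    )
    return conn.execute(sql).fetchall()


def report(conn, site_id):
    """Hardened: the column is an integer, so accept only an integer (or a
    string of digits), then bind it as a parameter. The SQL text never
    changes shape regardless of input."""
    if isinstance(site_id, str):
        if not site_id.isdigit():
            raise ValueError("site_id must be a non-negative integer")
        site_id = int(site_id)
    elif not isinstance(site_id, int):
        raise ValueError("site_id must be a non-negative integer")
    sql = (
        "SELECT popup, conversions FROM popup_stats "
        "WHERE site_id = ? ORDER BY conversions DESC"
    )
    return conn.execute(sql, (site_id,)).fetchall()
```

Binding alone would already defeat the UNION (the whole string would be compared against an integer column and match nothing); the up-front type check is there so that malformed input produces a 4xx-style error the application can log and alert on, rather than an empty report that hides the probing.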
OSV · added 2023/04/27 4:44 p.m.

CVE-2023-30852 Pimcore Arbitrary File Read in Admin JS CSS files

Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the /admin/misc/script-proxy API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the scriptPath and scripts parameters. The...

CVSS 4.4 · AI score 4.9 · EPSS 0.01
Exploits 0 · References 5
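The Pimcore entry above describes a proxy endpoint that reads JavaScript and CSS files named by client-supplied path parameters. The general defect is a path joined to a base directory without confinement: `..` segments walk out of the base, and with `os.path.join` semantics an absolute path discards the base entirely. The Python below is an added illustration of that class and its fix and is not Pimcore's code (Pimcore is a PHP project): the vulnerable join beside a resolver that canonicalises the result, requires it to stay under the asset root, and additionally restricts the extension to what the endpoint is meant to serve. The directory layout is constructed in a temporary folder so the example runs offline.

```python
import os
import tempfile

ALLOWED_EXTENSIONS = (".js", ".css")  # the proxy is only meant to serve these


def resolve_asset_vulnerable(asset_root, script_path):
    """Pattern behind the advisory: the client-supplied path is joined to the
    asset root with no confinement check. '../x' escapes the root, and an
    absolute path makes os.path.join return the absolute path unchanged."""
    return os.path.join(asset_root, script_path)


def resolve_asset(asset_root, script_path):
    """Hardened: canonicalise both sides (realpath also follows symlinks),
    then require the candidate to be inside the root and to carry an
    allowed extension. Order matters: confinement first, extension second."""
    root = os.path.realpath(asset_root)
    candidate = os.path.realpath(os.path.join(root, script_path))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("path escapes asset root")
    if os.path.splitext(candidate)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    return candidate


def read_asset(asset_root, script_path):
    """What a safe proxy handler would call."""
    with open(resolve_asset(asset_root, script_path), "r", encoding="utf-8") as fh:
        return fh.read()


def build_fixture():
    """Constructed layout for the example: an asset root containing one JS
    file, and a sensitive config file one directory above the root."""
    tmp = tempfile.mkdtemp()
    root = os.path.join(tmp, "assets")
    os.makedirs(os.path.join(root, "js"))
    with open(os.path.join(root, "js", "app.js"), "w", encoding="utf-8") as fh:
        fh.write("console.log('app');\n")
    with open(os.path.join(tmp, "parameters.yml"), "w", encoding="utf-8") as fh:
        fh.write("database_password: constructed-secret\n")
    return tmp, root
```

`commonpath` is used instead of a `startswith` check on purpose: with `startswith`, a root of `/srv/assets` would also accept `/srv/assets-private/...`.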
NVD · added 2023/04/26 8:15 p.m.

CVE-2022-45456

Denial of service due to an unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161...

CVSS 7.5 · AI score 5 · EPSS 0.00345
Exploits 0 · References 1
Cvelist · added 2023/04/26 7:54 p.m.

CVE-2022-45456

Denial of service due to an unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161...

CVSS 3.3 · AI score 7.8 · EPSS 0.00345
Exploits 0 · References 1
Positive Technologies · added 2023/04/26 12:00 a.m.

PT-2023-22591 · Ourphp · Ourphp

Name of the Vulnerable Software and Affected Versions: OURPHP versions 7.2.0 and earlier
Description: The issue is related to Cross Site Scripting (XSS) and can be exploited via the "/client/manage/ourphp out.php" API endpoint.
Recommendations: For OURPHP versions 7.2.0 and earlier, at the moment,...

CVSS 6.1 · AI score 5.7 · EPSS 0.08115
Exploits 9 · References 5
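Four entries in this listing are XSS: the SSCMS ajaxDivId argument, the Netbox Create Site Groups function, the KiwiTCMS upload and the OURPHP endpoint above. The common lesson is that "sanitization" is not one operation: the encoding that is safe for one HTML context is insufficient in another. The Python below is one added example serving all four, not the code of any of those projects; it takes the ajaxDivId case as the concrete shape and assumes (an assumption, not something the advisory states) that the value is rendered into an element's id attribute. It shows that HTML-escaping a value placed in an unquoted attribute still lets the value introduce an event-handler attribute, and that validating the value against the token shape an id must have, then quoting and encoding, closes the hole. The small attribute-name extractor is a deliberately crude stand-in for what a browser parser would see.

```python
import html
import re

# An element id is a simple token; anything else is rejected up front.
ID_TOKEN = re.compile(r"[A-Za-z_][A-Za-z0-9_-]{0,63}")
# Crude extractor of attribute names from a start tag, to show how a parser
# would read the rendered markup (illustration only, not an HTML parser).
ATTR_NAME = re.compile(r"(?:^|\s)([A-Za-z_:][\w:.-]*)\s*=")


def render_vulnerable(div_id):
    """No encoding and an unquoted attribute: the value can inject both new
    attributes and, via '>', entirely new elements."""
    return f"<div id={div_id}></div>"


def render_escaped_unquoted(div_id):
    """Encoding alone is not enough. html.escape rewrites < > & and quotes but
    leaves spaces and '=' untouched, so in an unquoted attribute the value
    still breaks out into a second attribute such as onmouseover."""
    return f"<div id={html.escape(div_id)}></div>"


def render_hardened(div_id):
    """Validate the value against the shape an id must have, then quote the
    attribute and encode quotes. Either step alone would leave a gap: the
    regex blocks breakouts, the quoting plus encoding keeps the attribute
    well-formed even if the allow-list is later loosened."""
    if not ID_TOKEN.fullmatch(div_id):
        raise ValueError("invalid element id")
    return f'<div id="{html.escape(div_id, quote=True)}"></div>'


def attribute_names(markup):
    """Return the attribute names of the first start tag in `markup`."""
    tag = markup[: markup.index(">")]
    return ATTR_NAME.findall(tag)
```

The payload used in the test, `x onmouseover=alert(1)`, contains none of the characters `html.escape` touches, which is exactly why the middle function is the one that fools code reviewers: an escape call is visibly present, yet the output carries an attacker-chosen event handler.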