Lucene search
K

11 matches found

Cvelist
Cvelist
added 2025/08/14 12:0 a.m.17 views

CVE-2025-50862

The Lotus Cars Android app com.lotus.carsdomestic.intl 1.2.8 has allowBackup=true set in its manifest, allowing data exfiltration via ADB backup on rooted or debug-enabled devices. This presents a risk of user data exposure...

0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:17 a.m.9 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.5 views

The vulnerability of the App Manifest component of the JetBrains YouTrack software environment allows a hacker to perform cross-site scripting attacks.

The vulnerability of the App Manifest component in the JetBrains YouTrack project management and task management software is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks...

5.5CVSS5.2AI score0.00292EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/10/28 1:15 p.m.4 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...

5.4CVSS5.8AI score0.00292EPSS
Exploits0References1
NVD
NVD
added 2024/10/28 1:15 p.m.19 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...

5.4CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/28 12:55 p.m.16 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...

4.6CVSS0.00292EPSS
Exploits0References1
CVE
CVE
added 2024/10/28 12:55 p.m.71 views

CVE-2024-50576

JetBrains YouTrack is affected: prior to 2024.3.47707, a stored cross-site scripting (XSS) vulnerability could be triggered via the vendor URL in the App manifest. Exploitation details beyond the description are not provided in the connected documents. Remediation would be upgrading to 2024.3.477...

5.4CVSS5.9AI score0.00292EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/28 12:55 p.m.9 views

CVE-2024-50576

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest...

4.6CVSS4.5AI score0.00292EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2023/10/11 12:0 a.m.17 views

(Pwn2Own) Microsoft Teams Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

5CVSS7.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/22 12:0 a.m.7 views

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on .localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read th...

6.8AI score0.0056EPSS
Exploits1References1
OSV
OSV
added 2018/11/14 3:29 p.m.3 views

UBUNTU-CVE-2018-6083

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page...

8.8CVSS7.3AI score0.0155EPSS
Exploits0References3
Rows per page
Query Builder