Lucene search
K

39 matches found

Vulnrichment
Vulnrichment
added 2023/04/15 2:28 p.m.7 views

CVE-2023-29202 org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability

XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter content was set to true. This allowed arbitrary HTML and in particular...

9CVSS8.8AI score0.01393EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/12/12 12:0 a.m.5 views

CVE-2022-46905

Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS...

7AI score0.00385EPSS
Exploits0References1
CVE
CVE
added 2022/10/13 12:0 a.m.64 views

CVE-2022-38902

Summary (CVE-2022-38902) : In Liferay Digital Experience Platform (DXP) 7.3.10 SP3, a Cross-site Scripting (XSS) vulnerability exists in the Blog module’s add-topic flow. The issue allows remote attackers to inject arbitrary JavaScript or HTML via the name field when creating a new topic. Affecte...

5.4CVSS5.4AI score0.00702EPSS
Exploits1References3Affected Software2
PyPA
PyPA
added 2022/08/18 7:15 p.m.8 views

PYSEC-2022-249

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting XSS vulnerabilities if the...

7.5CVSS8.2AI score0.01102EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/04/25 10:0 a.m.3 views

CVE-2022-2511

Cross-site Scripting XSS vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL...

6.1CVSS6.5AI score0.0039EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/12 5:10 p.m.38 views

CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

4.6CVSS6.6AI score0.01188EPSS
Exploits0References6
NVD
NVD
added 2019/06/11 2:29 p.m.28 views

CVE-2019-10336

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...

6.1CVSS6AI score0.01375EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2016/09/15 12:0 a.m.4 views

PT-2016-17: Cross-Site Scripting in SAP NetWeaver

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in SAP NetWeaver. Reflected cross-site scripting in the "/com.sap.portal.themes.styleservice.LockingTestPortalComponent" component allows remote attackers to inject arbitrary HTML tags including...

6.1CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2013/08/05 12:0 a.m.13 views

PT-2013-83: Arbitrary HTML Injection in Siemens SIMATIC S7-1500 CPU PLC

The specialists of the Positive Research center have detected an Arbitrary HTML Injection vulnerability in Siemens SIMATIC S7-1500 CPU PLC. The integrated web server port 80/tcp and port 443/tcp of the affected device might allow attackers to inject HTML headers. How to fix Update your firmware u...

5.8CVSS6.8AI score0.02417EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2010/12/09 12:0 a.m.52 views

Drupal Embedded Media Field Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure are also available at http://www.madirish.net/?article=472 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. The Drupal...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2008/10/31 12:0 a.m.25 views

Opera Web Browser Command Execution and XSS Vulnerabilities (Windows)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnwin.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Windows Authors: Chandan S Copyright: Copyright c...

9.3CVSS0.7AI score0.04504EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2008/10/31 12:0 a.m.26 views

Opera Web Browser Command Execution and XSS Vulnerabilities (Linux)

The host is installed with Opera Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperacmdexecnxssvulnlin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Opera Web Browser Command Execution and XSS Vulnerabilities Linux Authors: Chandan S Copyright: Copyright c 20...

9.3CVSS0.7AI score0.04504EPSS
Exploits3References2
Prion
Prion
added 2007/02/07 11:28 a.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion web server allows remote attackers to inject arbitrary HTML or web script via the User-Agent HTTP header, which is not sanitized before being displayed in an error page...

4.3CVSS6.2AI score0.08336EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2005/03/01 5:0 a.m.16 views

CVE-2005-0606

Cross-site scripting XSS vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the 1 catid, 2 PHPSESSID, 3 viewdoc, 4 product, 5 session, 6 catname, 7 search, or 8 page parameters...

5.9AI score0.01964EPSS
Exploits1References6
NVD
NVD
added 2005/01/06 5:0 a.m.13 views

CVE-2004-1318

Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...

4.3CVSS5.5AI score0.01884EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2005/01/04 5:0 a.m.16 views

CVE-2004-1061

Cross-site scripting XSS vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter...

4.3CVSS6.1AI score0.01034EPSS
Exploits0References1
Cvelist
Cvelist
added 2004/12/01 5:0 a.m.18 views

CVE-2004-1075

Cross-site scripting XSS vulnerability in standarderrormessage.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message...

5.7AI score0.04945EPSS
Exploits1References6
NVD
NVD
added 2004/11/23 5:0 a.m.13 views

CVE-2004-0301

Cross-site scripting XSS vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter...

6.8CVSS5.8AI score0.04223EPSS
Exploits1References5
securityvulns
securityvulns
added 2003/11/03 12:0 a.m.35 views

[UNIX] MPM Guestbook Multiple Vulnerabilities (CSS, Path Disclosure)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

0.2AI score
Exploits0
Rows per page
Query Builder