Lucene search
K

3306 matches found

OSV
OSV
added 2024/03/06 10:59 a.m.13 views

BIT-MAGENTO-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution

Magento versions 2.4.1 and earlier, 2.4.0 and earlier and 2.3.6 and earlier are vulnerable to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires...

8.1CVSS7.3AI score0.05629EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:57 a.m.14 views

BIT-MLFLOW-2023-6568 Reflected XSS via Content-Type Header in mlflow/mlflow

A reflected Cross-Site Scripting XSS vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the us...

6.5CVSS5.8AI score0.01649EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:53 a.m.13 views

BIT-GHOST-2022-47194

An insecure default vulnerability exists in the Post Creation functionality of Ghost Foundation Ghost 5.9.4. Default installations of Ghost allow non-administrator users to inject arbitrary Javascript in posts, which allow privilege escalation to administrator via XSS. To trigger this...

9CVSS5.8AI score0.00823EPSS
Exploits1References3
NVD
NVD
added 2024/03/05 2:15 p.m.11 views

CVE-2024-27627

A reflected cross-site scripting XSS vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

6.1CVSS5.9AI score0.00424EPSS
Exploits0References1
Prion
Prion
added 2024/03/05 2:15 p.m.15 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the badpassword.php page...

6.3AI score0.00424EPSS
Exploits0References1
OSV
OSV
added 2024/02/29 1:44 a.m.7 views

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

6.1CVSS6AI score0.00549EPSS
Exploits0References2
Prion
Prion
added 2024/02/29 1:44 a.m.20 views

Cross site scripting

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

6.1AI score0.00549EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/27 12:0 a.m.14 views

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

6.1AI score0.00549EPSS
Exploits0References2
NVD
NVD
added 2024/02/26 4:27 p.m.7 views

CVE-2024-26468

A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.1CVSS5.8AI score0.00429EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.13 views

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00429EPSS
Exploits0References1
Prion
Prion
added 2024/02/26 4:27 p.m.16 views

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00425EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

Railroad-diagram Generator Security Vulnerability

Railroad-diagram Generator is a small library for generating railroad diagrams such as those used by JSON.org using SVG by the individual developer Tab Atkins Jr. A security vulnerability exists in versions prior to Railroad-diagram Generator commit ea9a123, which stems from the presence of a...

6.1CVSS6.1AI score0.00429EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/26 12:0 a.m.13 views

CVE-2024-26467

A DOM based cross-site scripting XSS vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00429EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

The web-platform-tests Project Security Vulnerabilities

The web-platform-tests Project is web-platform-tests open source a cross-browser test suite for the Web platform stack . The web-platform-tests Project commit 938e843 previous version of a security vulnerability , the vulnerability stems from the existence of DOM-based cross-site scripting XSS...

6.1CVSS6AI score0.00429EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/26 12:0 a.m.17 views

CVE-2024-26465

A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6.2AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/26 12:0 a.m.18 views

CVE-2024-26465

A DOM based cross-site scripting XSS vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL...

6AI score0.00425EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/21 12:0 a.m.5 views

PT-2024-12443 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...

5.4CVSS7AI score0.0036EPSS
Exploits0References5
OSV
OSV
added 2024/02/20 6:15 p.m.3 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS7.6AI score0.00471EPSS
Exploits0References2
Veracode
Veracode
added 2024/02/15 7:5 a.m.16 views

Cross-Site Scripting (XSS)

sidekiq-unique-jobs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parameter sanitization within GET request to the admin webUI. This allows an attacker with super-user permission to execute arbitrary JavaScript code in the browser...

7.1CVSS6.8AI score0.00525EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/14 12:0 a.m.8 views

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.

The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

9CVSS8AI score0.71143EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder