
3308 matches found

Veracode
added 2024/12/18 5:40 a.m. · 11 views

Cross Site Scripting

SimpleXLSX is vulnerable to Cross Site Scripting. The vulnerability is due to insufficient input validation and sanitization in the toHTMLEx method, allowing the execution of arbitrary JavaScript code when processing Excel XLSx files...

CVSS 6.8 · AI score 7 · EPSS 0.00444
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2024/12/17 10:44 a.m. · 14 views

Code Injection

Mongoose is vulnerable to a Code Injection. The vulnerability is due to improper use of the $where operator, which allows the execution of arbitrary JavaScript code in MongoDB queries. This could lead to code injection attacks, enabling unauthorized access to or manipulation of database data...

CVSS 9.1 · AI score 7.3 · EPSS 0.03988
Exploits 3 · References 8 · Affected Software 1
CNNVD
added 2024/12/16 12:0 a.m. · 5 views

Rebuild Code Injection Vulnerability

Rebuild is a highly customizable enterprise management system. A code injection vulnerability exists in Rebuild version 3.8.5, which stems from a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...

CVSS 5.4 · AI score 5 · EPSS 0.00414
Exploits 1 · References 4
CNNVD
added 2024/12/16 12:0 a.m. · 5 views

Rebuild Code Injection Vulnerability

Rebuild is a highly customizable enterprise management system. A code injection vulnerability exists in Rebuild version 3.8.5, which stems from a cross-site scripting vulnerability that allows an attacker to inject arbitrary JavaScript code...

CVSS 5.4 · AI score 4.9 · EPSS 0.00438
Exploits 1 · References 4
Cvelist
added 2024/12/16 12:0 a.m. · 15 views

CVE-2024-55451

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend...

EPSS 0.00306
Exploits 1 · References 2
CVE
added 2024/12/12 7:20 p.m. · 64 views

CVE-2024-55878

The CVE-2024-55878 entry affects SimpleXLSX (PHP library for parsing Excel XLSX files). The vulnerability lies in the extended toHTMLEx method, exploited when calling toHTMLEx in versions 1.0.12 through 1.1.11, allowing arbitrary JavaScript execution (XSS) in affected contexts. Impact is elevated...

CVSS 6.8 · AI score 6.9 · EPSS 0.00444
Exploits 0 · References 2
NVD
added 2024/12/12 1:15 p.m. · 14 views

CVE-2024-36494

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if th...

CVSS 4.7 · EPSS 0.0046
Exploits 0 · References 3
NVD
added 2024/12/12 1:15 p.m. · 25 views

CVE-2024-28142

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

CVSS 4.7 · EPSS 0.00443
Exploits 0 · References 3
CVE
added 2024/12/12 12:51 p.m. · 46 views

CVE-2024-36494

CVE-2024-36494 involves a cross-site scripting vulnerability on the login page (/cgi/slogin.cgi) caused by missing input sanitization of the -tsetup+-uuser parameter. The issue can allow an attacker to execute arbitrary JavaScript in other users’ browsers, potentially enabling phishing-focused lo...

CVSS 4.7 · AI score 5.9 · EPSS 0.0046
Exploits 0 · References 3
Cvelist
added 2024/12/12 12:38 p.m. · 16 views

CVE-2024-47947 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

EPSS 0.0046
Exploits 0 · References 2
CVE
added 2024/12/12 12:38 p.m. · 49 views

CVE-2024-47947

CVE-2024-47947 concerns a stored XSS vulnerability in Image Access Scan2Net/ScanWizard ecosystem. The issue arises from missing input sanitization in the configuration menu’s "Edit Disclaimer Text" function, exploitable by an attacker to inject JavaScript that runs in other users’ browsers. Affec...

CVSS 4.7 · AI score 6.3 · EPSS 0.0046
Exploits 0 · References 3
Vulnrichment
added 2024/12/12 12:35 p.m. · 14 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

AI score 7 · EPSS 0.00443
Exploits 0 · References 2
CVE
added 2024/12/12 12:35 p.m. · 55 views

CVE-2024-28142

The CVE-2024-28142 entry describes stored cross-site scripting via improper input sanitization on the Image Access Scan2Net (and related lines) File Name input on the User Settings page (/cgi/uset.cgi?-cfilename). The root cause is inadequate filtering of the file name and wildcard character inpu...

CVSS 4.7 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 3
Cvelist
added 2024/12/12 12:35 p.m. · 32 views

CVE-2024-28142 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "File Name" page /cgi/uset.cgi?-cfilename in the User Settings menu improperly filters the "file name" and wildcard character input field. By...

EPSS 0.00443
Exploits 0 · References 2
NVD
added 2024/12/12 2:15 a.m. · 8 views

CVE-2024-53274

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

CVSS 6.1 · EPSS 0.00438
Exploits 1 · References 2
CNNVD
added 2024/12/12 12:0 a.m. · 2 views

Image Access Scan2Net Security Vulnerability

Image Access Scan2Net is a scanning software from Image Access Germany. A security vulnerability exists in Image Access Scan2Net version 7.40 and earlier, version 7.42 and earlier, and version 7.42B and earlier, which stems from improper input cleanup and allows an attacker to perform a cross-sit...

CVSS 4.7 · AI score 6.2 · EPSS 0.0046
Exploits 0 · References 2
Positive Technologies
added 2024/12/12 12:0 a.m. · 4 views

PT-2024-22292 · Image Access Gmbh · Scan2Net

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is due to missing input sanitization, allowing an attacker to perform cross-site scripting attacks and run arbitrary JavaScript in the browser...

CVSS 4.7 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 6
OSV
added 2024/12/11 10:16 p.m. · 7 views

CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

CVSS 5.1 · AI score 5.8 · EPSS 0.00438
Exploits 1 · References 4
NVD
added 2024/12/11 3:15 p.m. · 12 views

CVE-2024-50585

Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" nlslogin.jsp page. The vulnerability can be triggered by sending a speciall...

CVSS 4.7 · EPSS 0.00462
Exploits 0 · References 2
Vulnrichment
added 2024/12/09 12:0 a.m. · 12 views

CVE-2024-54919

A Stored Cross-Site Scripting (XSS) vulnerability was found in /teacheravatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript via the filename parameter...

AI score 7.1 · EPSS 0.003
Exploits 1 · References 1