
3308 matches found

CNNVD
added 2024/12/09 12:0 a.m. | 4 views

Kashipara E-learning Management System Security Vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary JavaScript via the filename parameter...

CVSS 5.4 | AI score 7.3 | EPSS 0.003
Exploits: 1 | References: 1
CVE
added 2024/11/29 1:0 p.m. | 47 views

CVE-2024-11990

The CVE-2024-11990 entry concerns SurgeMail v78c2 with a Cross-Site Scripting (XSS) issue that lets an attacker execute arbitrary JavaScript when a crafted payload is injected into vulnerable parameters. Connected documents corroborate that the vulnerability affects SurgeMail 78c2 and describe th...

CVSS 4.6 | AI score 4.7 | EPSS 0.00265
Exploits: 0 | References: 1
Veracode
added 2024/11/25 10:57 a.m. | 15 views

Reflected Cross-site Scripting (XSS)

librenms/librenms is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization in the "reportthis" function, allowing attackers to inject and execute arbitrary JavaScript code via the "section" parameter of the "logs" tab...

CVSS 5.4 | AI score 6.6 | EPSS 0.00387
Exploits: 1 | References: 3 | Affected Software: 1
CNVD
added 2024/11/22 12:0 a.m. | 6 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2024-46255)

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVSS 5.4 | AI score 6.6 | EPSS 0.0025
Exploits: 1 | References: 1
CNNVD
added 2024/11/21 12:0 a.m. | 6 views

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A cross-site scripting vulnerability exists in Zimbra Collaboration Server version 10.1 and earlier. An attacke...

CVSS 4.8 | AI score 6.3 | EPSS 0.00392
Exploits: 0 | References: 6
Cvelist
added 2024/11/21 12:0 a.m. | 15 views

CVE-2024-45514

An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

EPSS 0.00645
Exploits: 0 | References: 6
Cvelist
added 2024/11/21 12:0 a.m. | 13 views

CVE-2024-45517

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitizati...

EPSS 0.00531
Exploits: 0 | References: 6
CVE
added 2024/11/21 12:0 a.m. | 54 views

CVE-2024-45514

Summary: CVE-2024-45514 affects Zimbra Collaboration (ZCS) Webmail; a Cross-Site Scripting (XSS) flaw arises from insufficient sanitization of the packages parameter in one endpoint. Attackers can bypass checks by using encoded characters to inject and execute JavaScript in a victim’s session. Wh...

CVSS 5.4 | AI score 6.2 | EPSS 0.00645
Exploits: 0 | References: 6 | Affected Software: 1
Vulnrichment
added 2024/11/21 12:0 a.m. | 9 views

CVE-2024-45514

An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing t...

AI score 6.2 | EPSS 0.00645
Exploits: 0 | References: 6
Tenable Nessus
added 2024/11/21 12:0 a.m. | 6 views

Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

CVSS 5.4 | AI score 5.9 | EPSS 0.00312
Exploits: 0 | References: 5
OSV
added 2024/11/20 7:15 p.m. | 3 views

CVE-2024-45511

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 4
NVD
added 2024/11/20 7:15 p.m. | 17 views

CVE-2024-45511

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

CVSS 5.4 | EPSS 0.00312
Exploits: 0 | References: 4
CVE
added 2024/11/20 12:0 a.m. | 54 views

CVE-2024-45511

CVE-2024-45511 affects Zimbra Collaboration (ZCS) up to 10.1, via the Briefcase module. The root cause is improper sanitization of file contents by the OnlyOffice formatter, allowing a crafted URL to a shared folder containing a malicious file to execute arbitrary JavaScript in the victim’s sessi...

CVSS 5.4 | AI score 6.2 | EPSS 0.00312
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2024/11/20 12:0 a.m. | 2 views

MyBB Security Vulnerability

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVSS 5.4 | AI score 6.4 | EPSS 0.0025
Exploits: 1 | References: 4
OSV
added 2024/11/15 8:48 p.m. | 8 views

GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

CVSS 7.5 | AI score 5.3 | EPSS 0.00449
Exploits: 1 | References: 4
NVD
added 2024/11/15 4:15 p.m. | 34 views

CVE-2024-49754

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

CVSS 7.5 | EPSS 0.69818
Exploits: 1 | References: 2
Vulnrichment
added 2024/11/15 3:55 p.m. | 18 views

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

CVSS 4.8 | AI score 5.6 | EPSS 0.00449
Exploits: 1 | References: 2
OSV
added 2024/11/15 3:55 p.m. | 21 views

CVE-2024-52526 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...

CVSS 4.8 | AI score 5.4 | EPSS 0.00449
Exploits: 1 | References: 4
CVE
added 2024/11/15 3:46 p.m. | 52 views

CVE-2024-51497

LibreNMS is affected by a Stored XSS in the Custom OID tab, where an authenticated user can inject JavaScript via the unit parameter when creating a new OID. The vulnerability is due to improper sanitization in librenms/includes/html/print-customoid.php and is associated with the stored XSS paylo...

CVSS 5.4 | AI score 4.8 | EPSS 0.00396
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2024/11/15 3:46 p.m. | 9 views

GHSA-GV4M-F6FX-859X LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...

CVSS 7.5 | AI score 5.2 | EPSS 0.00396
Exploits: 1 | References: 4