
3308 matches found

CNNVD
added 2024/11/15 12:0 a.m. · 5 views

Pimcore cross-site scripting vulnerability

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. A cross-site scripting vulnerability exist...

CVSS 4.8 · AI score 4.6 · EPSS 0.00356
Exploits 1 · References 2

Positive Technologies
added 2024/11/15 12:0 a.m. · 3 views

PT-2024-29564 · IBM · IBM Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.1
Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosur...

CVSS 6.1 · AI score 6.2 · EPSS 0.00269
Exploits 0 · References 6

RedHat Linux
added 2024/11/14 12:21 p.m. · 3 views

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

CVSS 9.8 · AI score 6 · EPSS 0.01356
Exploits 0 · References 5

NVD
added 2024/11/11 11:15 p.m. · 11 views

CVE-2024-50601

Persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixe...

CVSS 6.1 · EPSS 0.00235
Exploits 0 · References 1

CVE
added 2024/11/11 7:24 a.m. · 51 views

CVE-2024-11021

CVE-2024-11021 relates to a Stored Cross-site Scripting vulnerability in Webopac from Grand Vice info. The issue allows remote attackers with regular privileges to inject arbitrary JavaScript into the server, which is executed in users’ browsers when visiting the affected page. Connected sources ...

CVSS 5.4 · AI score 5.5 · EPSS 0.00279
Exploits 0 · References 2 · Affected Software 1

OSV
added 2024/11/11 7:15 a.m. · 3 views

CVE-2024-11019

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVSS 6.1 · AI score 6.1 · EPSS 0.00324
Exploits 0 · References 2

Cvelist
added 2024/11/11 7:6 a.m. · 32 views

CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVSS 6.1 · EPSS 0.00324
Exploits 0 · References 2

CNNVD
added 2024/11/11 12:0 a.m. · 4 views

SYQ com.downloader.video.fast security vulnerability

SYQ com.downloader.video.fast SYQ Master Video Downloader is a video downloader from SYQ Inc. A security vulnerability exists in SYQ com.downloader.video.fast Master Video Downloader version 2.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

CVSS 9.1 · AI score 7.3 · EPSS 0.00377
Exploits 0 · References 1

Vulnrichment
added 2024/11/11 12:0 a.m. · 14 views

CVE-2024-46962

The SYQ com.downloader.video.fast aka Master Video Downloader application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component...

AI score 7.6 · EPSS 0.00377
Exploits 0 · References 2

CNNVD
added 2024/11/11 12:0 a.m. · 3 views

DS Browsers allvideo.downloader.browser security vulnerability

DS Browsers allvideo.downloader.browser DS Browsers Fast Video Downloader: Browser is a video downloader from DS Browsers. A security vulnerability exists in DS Browsers allvideo.downloader.browser Fast Video Downloader: Browser version 1.6-RC1 and earlier versions. An attacker can exploit this...

CVSS 5.4 · AI score 7.3 · EPSS 0.00235
Exploits 0 · References 1

Positive Technologies
added 2024/11/11 12:0 a.m. · 4 views

PT-2024-16710 · Grand Vice Info · Webopac

Name of the Vulnerable Software and Affected Versions: Webopac from Grand Vice info affected versions not specified
Description: The issue is a Stored Cross-site Scripting vulnerability, allowing remote attackers with regular privileges to inject arbitrary JavaScript code into the server. When...

CVSS 5.4 · AI score 6.5 · EPSS 0.00279
Exploits 0 · References 12

Positive Technologies
added 2024/11/11 12:0 a.m. · 4 views

PT-2024-34350 · Axigen · Axigen Mail Server

Name of the Vulnerable Software and Affected Versions: Axigen Mail Server versions prior to 10.5.29
Description: The issue concerns persistent and reflected XSS vulnerabilities in the themeMode cookie and h URL parameter. This could allow attackers to execute arbitrary Javascript, potentially...

CVSS 6.1 · AI score 7 · EPSS 0.00235
Exploits 0 · References 4

CNNVD
added 2024/11/07 12:0 a.m. · 3 views

ASD Dev Video Player HD Video Downloader security vulnerability

ASD Dev Video Player HD Video Downloader is a video downloader from ASD Dev Video Player, Inc. A security vulnerability exists in ASD Dev Video Player HD Video Downloader version 7.0.129 and earlier, which originates from a vulnerability that allows attackers to execute arbitrary JavaScript code...

CVSS 8.8 · AI score 7.4 · EPSS 0.00449
Exploits 0 · References 1

Positive Technologies
added 2024/11/07 12:0 a.m. · 4 views

PT-2024-32302 · Winshot · Winshot

Name of the Vulnerable Software and Affected Versions: Inshot com.downloader.privatebrowser aka Video Downloader - XDownloader versions 1.3.5 and earlier
Description: The issue allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivi...

CVSS 8.1 · AI score 7.3 · EPSS 0.00395
Exploits 0 · References 5

CNNVD
added 2024/11/04 12:0 a.m. · 2 views

Chamilo LMS security vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...

CVSS 6.1 · AI score 6.4 · EPSS 0.00381
Exploits 1 · References 2

CVE
added 2024/11/04 12:0 a.m. · 59 views

CVE-2024-30618

CVE-2024-30618 is a Stored XSS in Chamilo LMS 1.11.26 triggered by a malicious payload in the content parameter of group_topics.php. Impact is to execute JavaScript in a victim’s browser (confidentiality/integrity) with network access and user interaction required. Root cause is insufficient inpu...

CVSS 6.1 · AI score 6 · EPSS 0.00381
Exploits 1 · References 2 · Affected Software 1

NVD
added 2024/10/30 6:15 p.m. · 15 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

CVSS 8.1 · EPSS 0.00339
Exploits 0 · References 1

Cvelist
added 2024/10/30 12:0 a.m. · 12 views

CVE-2024-31972

EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...

EPSS 0.00431
Exploits 0 · References 1

Cvelist
added 2024/10/30 12:0 a.m. · 14 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

EPSS 0.00339
Exploits 0 · References 1

CNNVD
added 2024/10/30 12:0 a.m. · 2 views

EnGenius ESR580 security vulnerability

The EnGenius ESR580 is a series of wireless access points from EnGenius. A security vulnerability exists in the EnGenius ESR580 that originates from allowing remote attackers to conduct a stored cross-site scripting attack via the Wi-Fi SSID input field, which can lead to arbitrary JavaScript cod...

CVSS 4.3 · AI score 6.6 · EPSS 0.00431
Exploits 0 · References 1