Lucene search
K

3308 matches found

CNNVD
CNNVD
added 2024/10/30 12:0 a.m.3 views

Video Downloader 安全漏洞

Video Downloader is a video downloading application. A security vulnerability exists in Video Downloader version 20-30.05.24. An attacker can exploit this vulnerability to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

8.1CVSS7.4AI score0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.8 views

CVE-2024-42041

The com.videodownload.browser.videodownloader aka AppTool-Browser-Video All Video Downloader application 20-30.05.24 for Android allows an attacker to execute arbitrary JavaScript code via the acr.browser.lightning.DefaultBrowserActivity component...

7.6AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-31656

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 1.27.0 Apache NiFi versions 2.0.0-M1 through 2.0.0-M3 Description: The vulnerability allows an authenticated user, authorized to configure a Parameter Context, to enter arbitrary JavaScript code in the...

5.1CVSS5.8AI score0.00646EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2024/10/28 12:58 a.m.48 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

9.8CVSS7.6AI score0.0937EPSS
Exploits2References13
Github Security Blog
Github Security Blog
added 2024/10/24 6:13 p.m.21 views

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

6.1CVSS6.9AI score0.00487EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/24 6:0 p.m.28 views

OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

8.1CVSS7.4AI score0.00361EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/10/24 6:0 p.m.15 views

GHSA-79JV-5226-783F OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

8.6CVSS7.4AI score0.00361EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/24 12:0 a.m.5 views

PT-2024-8657 · Velocity +2 · Velocity +2

Name of the Vulnerable Software and Affected Versions: Butterfly framework versions prior to 1.2.6 Description: The Butterfly framework has a weakness related to incorrect restriction of the path name to a directory with limited access. This can be exploited by an attacker with network access to...

9.4CVSS7.2AI score0.01602EPSS
Exploits1References17
CNVD
CNVD
added 2024/10/23 12:0 a.m.4 views

Unspecified Vulnerability in JetBrains YouTrack

JetBrains YouTrack is a project management tool, developed by JetBrains, supporting cloud hosting and local deployment, providing task management, team collaboration, time tracking and other features for software development, human resources and other scenarios. JetBrains YouTrack suffers from a...

8.1CVSS6.7AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2024/10/21 5:15 p.m.15 views

CVE-2024-40746

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

5.4CVSS0.0026EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/21 4:16 p.m.13 views

CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

5.6AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/21 4:16 p.m.27 views

CVE-2024-40746 Extension - hikashop.com - Stored cross site scripting vulnerability in Hikashop component for Joomla < 5.1.1

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

0.0026EPSS
Exploits0References1
CVE
CVE
added 2024/10/21 4:16 p.m.53 views

CVE-2024-40746

CVE-2024-40746 is a stored XSS affecting the Hikashop Joomla component prior to 5.1.1. The root cause is that the description parameter in a product is not sanitized in the backend, enabling a remote attacker to inject arbitrary JavaScript into a user’s browser. Affected software: Hikashop Joomla...

5.4CVSS5.3AI score0.0026EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/17 1:15 p.m.5 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

6.1CVSS6AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2024/10/17 1:15 p.m.14 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

8.1CVSS0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/17 1:0 p.m.19 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

8.1CVSS0.00401EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/17 1:0 p.m.22 views

CVE-2024-49579

In JetBrains YouTrack before 2024.3.47197 insecure plugin iframe allowed arbitrary JavaScript execution and unauthorized API requests...

8.1CVSS7.1AI score0.00401EPSS
Exploits0References1
CVE
CVE
added 2024/10/17 1:0 p.m.90 views

CVE-2024-49579

JetBrains YouTrack prior to 2024.3.47197 is affected by CVE-2024-49579 due to insufficient validation of the iframe plugin communication channel, allowing arbitrary JavaScript execution and unauthorized API requests. The issue stems from the iframe plugin; attacker-controlled payloads could be ex...

8.1CVSS7.1AI score0.00401EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2024/10/17 12:0 a.m.7 views

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41005)

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

4.8CVSS6.1AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/17 12:0 a.m.3 views

ComfyUI 跨站脚本漏洞

ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...

6.1CVSS5.8AI score0.00342EPSS
Exploits1References2
Rows per page
Query Builder