Lucene search
K

3308 matches found

CVE
CVE
added 2024/10/04 5:16 p.m.64 views

CVE-2024-25707

CVE-2024-25707 is a reflected cross-site scripting vulnerability in Esri Portal for ArcGIS 11.1 and earlier. The issue allows an authenticated user with administrative privileges to supply a crafted string that could cause arbitrary JavaScript execution in their own browser (Self XSS). The vulner...

4.8CVSS5.5AI score0.00329EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/04 5:16 p.m.16 views

CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...

4.8CVSS6.5AI score0.00329EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/04 5:14 p.m.13 views

CVE-2024-8149 BUG-000168624 - Unvalidated redirect in Portal for ArcGIS.

There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...

4.6CVSS6AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2024/10/04 5:14 p.m.58 views

CVE-2024-8149

CVE-2024-8149 describes a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2. The flaw allows a remote, authenticated attacker with low privileges to craft a link that, when clicked by a victim, could execute arbitrary JavaScript in the victim’s br...

4.6CVSS6AI score0.00392EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.4 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

6.1CVSS6.2AI score0.00392EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.3 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

6.1CVSS6.2AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.4 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

4.8CVSS6.1AI score0.00266EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.3 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

4.8CVSS6.3AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.3 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

6.1CVSS6.3AI score0.00302EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.4 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS, which can be...

4.8CVSS6.1AI score0.00268EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.4 views

Esri Portal For ArcGIS 跨站脚本漏洞

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A cross-site scripting vulnerability exists in Esri Portal For ArcGIS that stems from...

4.8CVSS6.3AI score0.00266EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/10/02 3:9 a.m.4 views

SUSE CVE-2024-9393

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

5.4CVSS6.7AI score0.00402EPSS
Exploits0References14
CVE
CVE
added 2024/10/01 8:31 p.m.49 views

CVE-2024-47523

LibreNMS (PHP/MySQL/SNMP-based) has a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports Details field. The root cause is insufficient sanitization of user input in the Details section, allowing an attacker to inject JavaScript that executes in other users’ sessions. This aff...

7.5CVSS5.7AI score0.00585EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/01 8:31 p.m.11 views

GHSA-7F84-28QH-9486 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which transport is selected at that moment. This vulnerability can lead to...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/10/01 8:31 p.m.24 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section which contains multiple fields depending on which transport is selected at that moment. This vulnerability can lead to...

7.5CVSS5.5AI score0.00585EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/10/01 8:31 p.m.23 views

GHSA-RWWC-2V8Q-GC9V LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to the execution of malicious code in the context of other users'...

7.5CVSS5.8AI score0.0049EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/10/01 8:31 p.m.23 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to the execution of malicious code in the context of other users'...

7.5CVSS5.6AI score0.0049EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/01 8:27 p.m.8 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

7.5CVSS5.5AI score0.26242EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2024/10/01 7:10 p.m.14 views

CVE-2024-9393

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access cross-origin PDF content. This...

7.6CVSS6.9AI score0.00402EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2024/10/01 4:15 p.m.11 views

CVE-2024-9394

An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full...

7.5CVSS6.8AI score0.00498EPSS
Exploits0References8
Rows per page
Query Builder