Lucene search
K

3306 matches found

CNVD
CNVD
added 2024/07/17 12:0 a.m.5 views

IBM Datacap Navigator Cross-Site Scripting Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. IBM Datacap Navigator suffers from a cross-site scripting vulnerability that originates from allowing arbitrary JavaScript code to be embedded in the Web UI, which could alter the intended functionality an...

6.4CVSS6.1AI score0.00341EPSS
Exploits0References1
CNVD
CNVD
added 2024/07/17 12:0 a.m.8 views

IBM Datacap Navigator Cross-Site Scripting Vulnerability

IBM Datacap Navigator is a Web client for Datacap from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Datacap Navigator, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI...

5.4CVSS6AI score0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.8 views

PT-2024-5677 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a parameter in the market module of the Netcat CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker to execute...

9CVSS7.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.4 views

PT-2024-5686 · Netcat · Netcat Netshop Cms

Name of the Vulnerable Software and Affected Versions: Netcat Netshop CMS affected versions not specified Description: The issue is related to the promotion discount parameter in the Netcat Netshop CMS system, which is vulnerable to cross-site request forgery. This could allow a remote attacker t...

9CVSS7.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/16 12:0 a.m.7 views

PT-2024-5679 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue exists due to a lack of protection measures for the web page structure in the stats module of the Netcat CMS system. This allows a remote attacker to execute arbitrary JavaScri...

9CVSS7.6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/07/11 6:31 p.m.63 views

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4AI score
Exploits0References5Affected Software6
CVE
CVE
added 2024/07/11 5:15 p.m.336 views

CVE-2024-6531

CVE-2024-6531 is rejected and not an active vulnerability entry.

6AI score
Exploits0
RubySec
RubySec
added 2024/07/11 12:0 a.m.37 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

6.2AI score
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/03 7:15 p.m.17 views

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

6.1CVSS0.00333EPSS
Exploits0References3
OSV
OSV
added 2024/07/03 6:23 p.m.29 views

CVE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

4.2CVSS7AI score0.00333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.4 views

PT-2024-26398 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 on the stable branch Discourse versions prior to 3.3.0.beta3 on the tests-passed branch Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting a specific URL...

6.1CVSS7.7AI score0.00333EPSS
Exploits0References8
CNVD
CNVD
added 2024/07/02 12:0 a.m.8 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2024-30211)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...

5.4CVSS6.1AI score0.00261EPSS
Exploits0References1
Veracode
Veracode
added 2024/07/01 10:13 a.m.17 views

Cross Site Scripting(XSS)

zenml is vulnerable to Cross-Site Scripting XSS . The vulnerability is due to improper input neutralization during web page generation within the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...

6.1CVSS6AI score0.00388EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/30 7:15 p.m.3 views

CVE-2023-50964

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 276102...

5.4CVSS5.5AI score0.00261EPSS
Exploits0References2
CVE
CVE
added 2024/06/30 3:14 p.m.65 views

CVE-2024-5062

CVE-2024-5062 : A reflected XSS in zenml-io/zenml

6.1CVSS5.4AI score0.00388EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/28 6:11 p.m.14 views

CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)

NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery SSRF vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance MKCOL, PUT and GET...

7.4CVSS7.7AI score0.02186EPSS
Exploits0References2
OSV
OSV
added 2024/06/26 7:3 p.m.11 views

GHSA-Q6XV-JM4V-349H Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

5.4CVSS5.4AI score0.00381EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/06/26 7:3 p.m.13 views

Cross-site Scripting in ZenUML

Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting XSS. Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdo...

5.4CVSS6.5AI score0.00381EPSS
Exploits0References4Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/06/24 2:5 a.m.3 views

LINE client for iOS vulnerable to universal cross-site scripting

Overview The in-app browser of LINE client for iOS provided by LY Corporation contains a universal cross-site scripting vulnerability CWE-79, CVE-2024-5739. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact If a user clicks a malicious...

6.1CVSS5.9AI score0.00269EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2024/06/21 12:0 a.m.3 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code in the context of the victim’s browser...

5.5CVSS5.9AI score0.00587EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder