
3304 matches found

OSV
added 2023/10/19 7:15 p.m., 2 views

CVE-2023-40153

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary JavaScript by injecting an XSS payload into the 'hostname' parameter of the vulnerable software...

CVSS 6.1, AI score 5.8
Exploits 0, References 1

CNNVD
added 2023/10/19 12:0 a.m., 4 views

Yamcs Cross-Site Scripting Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which originates from a method that allows you to upload an HTML fil...

CVSS 5.4, AI score 6.9, EPSS 0.00535
Exploits 1, References 3

CNNVD
added 2023/10/19 12:0 a.m., 3 views

Home Assistant Code Injection Vulnerability

Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in Home Assistant versions prior to 2023.9.2 that stems from an arbitrary URL loading issue in WebView. An attacker can exploit the...

CVSS 8.6, AI score 7, EPSS 0.00164
Exploits 0, References 2

OSV
added 2023/10/18 10:15 p.m., 13 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVSS 6.1, AI score 6.3
Exploits 0, References 2

Prion
added 2023/10/18 10:15 p.m., 16 views

Cross site scripting

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

CVSS 5.8, AI score 6, EPSS 0.00312
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2023/10/18 12:0 a.m., 9 views

CVE-2023-45958

Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the backuppagination parameter at /controller/AdminController.php. This vulnerability allows attackers to execute arbitrary JavaScript in the web browser of a user via a crafted payload...

AI score 6.4, EPSS 0.00312
Exploits 0, References 2

NVD
added 2023/10/14 4:15 p.m., 12 views

CVE-2023-35024

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...

CVSS 7.6, AI score 5.4, EPSS 0.00354
Exploits 0, References 2

NVD
added 2023/10/11 4:15 p.m., 12 views

CVE-2023-34354

A stored cross-site scripting (XSS) vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to...

CVSS 5.4, AI score 4.4, EPSS 0.0081
Exploits 1, References 2

Prion
added 2023/10/11 4:15 p.m., 23 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to...

CVSS 4.9, AI score 5.5, EPSS 0.0081
Exploits 1, References 1, Affected Software 1

Vulnrichment
added 2023/10/11 3:16 p.m., 8 views

CVE-2023-34354

A stored cross-site scripting (XSS) vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to...

CVSS 3.4, AI score 5.3, EPSS 0.0081
Exploits 1, References 1

NVD
added 2023/09/21 11:15 p.m., 14 views

CVE-2023-41616

A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload...

CVSS 4.8, AI score 5, EPSS 0.00392
Exploits 0, References 1

Prion
added 2023/09/21 11:15 p.m., 15 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload...

CVSS 4.3, AI score 5, EPSS 0.00392
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/09/21 12:0 a.m., 12 views

CVE-2023-41616

A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload...

AI score 5.9, EPSS 0.00392
Exploits 0, References 1

ATTACKERKB
added 2023/09/20 9:15 p.m., 2 views

CVE-2023-38875

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'...

CVSS 6.1, AI score 6, EPSS 0.00824
Exploits 0, References 3

NVD
added 2023/09/20 9:15 p.m., 26 views

CVE-2023-38875

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'...

CVSS 6.1, AI score 6.1, EPSS 0.00824
Exploits 0, References 1

NVD
added 2023/09/20 9:15 p.m., 26 views

CVE-2023-38876

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...

CVSS 6.1, AI score 6.1, EPSS 0.00731
Exploits 0, References 1

Prion
added 2023/09/20 9:15 p.m., 19 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'...

CVSS 5.8, AI score 6.1, EPSS 0.00824
Exploits 0, References 1, Affected Software 1

OSV
added 2023/09/20 6:15 p.m., 17 views

CVE-2023-40618

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in...

CVSS 6.1, AI score 6.2, EPSS 0.00512
Exploits 1, References 1

NVD
added 2023/09/20 6:15 p.m., 15 views

CVE-2023-40618

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in...

CVSS 6.1, AI score 6.1, EPSS 0.00512
Exploits 1, References 1

Prion
added 2023/09/20 6:15 p.m., 14 views

Cross site scripting

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in...

CVSS 5.8, AI score 6.1, EPSS 0.00512
Exploits 1, References 1, Affected Software 1