Lucene search

2049 matches found

OSV
added 2023/10/25 5:9 p.m. · 24 views

CVE-2023-37909 Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros th...

CVSS 9.9 · AI score 8.9 · EPSS 0.01621
Exploits: 1 · References: 5
Vulnrichment
added 2023/10/23 12:0 a.m. · 10 views

CVE-2023-37636

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

AI score 5.6 · EPSS 0.00346
Exploits: 1 · References: 1
Cvelist
added 2023/10/23 12:0 a.m. · 20 views

CVE-2023-37636

A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket...

AI score 5.4 · EPSS 0.00346
Exploits: 1 · References: 1
CNNVD
added 2023/10/23 12:0 a.m. · 3 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, USA. A security vulnerability exists in Enhancesoft osTicket v1.17.2. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the Label input paramete...

CVSS 4.8 · AI score 6.7 · EPSS 0.00354
Exploits: 1 · References: 2
ATTACKERKB
added 2023/09/28 3:15 p.m. · 3 views

CVE-2023-43884

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter...

CVSS 5.4 · AI score 6.1 · EPSS 0.00396
Exploits: 1 · References: 2
Positive Technologies
added 2023/09/28 12:0 a.m. · 10 views

PT-2023-29021 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS version 3.4.16 Description: A Cross-Site Scripting (XSS) vulnerability in the installer of October CMS allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Recommendations: For...

CVSS 5.4 · AI score 5.3 · EPSS 0.00403
Exploits: 1 · References: 11
Prion
added 2023/09/27 11:15 p.m. · 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...

CVSS 5.8 · AI score 5.8 · EPSS 0.00308
Exploits: 0 · References: 1 · Affected Software: 1
Prion
added 2023/09/27 3:19 p.m. · 19 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter...

CVSS 4.9 · AI score 5.2 · EPSS 0.00451
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2023/09/27 12:0 a.m. · 3 views

Subrion Cross-Site Scripting Vulnerability

Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports a variety of extensions plug-ins and more. A cross-site scripting vulnerability exists in Subrion v4.2.1, which originates from a cross-site scripting (XSS)...

CVSS 5.4 · AI score 5.8 · EPSS 0.00495
Exploits: 1 · References: 2
CNNVD
added 2023/09/19 12:0 a.m. · 3 views

WordPress plugin Leyka Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.8 · AI score 5.9 · EPSS 0.00379
Exploits: 2 · References: 2
NVD
added 2023/09/16 1:15 a.m. · 11 views

CVE-2023-39777

A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter...

CVSS 5.4 · AI score 5.4 · EPSS 0.00386
Exploits: 1 · References: 1
CNNVD
added 2023/09/12 12:0 a.m. · 4 views

SAP NetWeaver AS Cross-Site Scripting Vulnerability

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS ABAP cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied...

CVSS 5.5 · AI score 6.4 · EPSS 0.00346
Exploits: 0 · References: 4
Positive Technologies
added 2023/09/11 12:0 a.m. · 7 views

PT-2023-27988 · Unknown · Dairy Farm Shop Management System Using Php/Mysql

Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1 Description: The issue allows attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters. This enables t...

CVSS 5.4 · AI score 6 · EPSS 0.00781
Exploits: 0 · References: 8
Prion
added 2023/09/06 8:15 p.m. · 20 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters...

CVSS 5.8 · AI score 6 · EPSS 0.00379
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/09/06 12:0 a.m. · 4 views

PT-2023-27994 · Csz Cms · Csz Cms

Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters in the install/index.php file. This enables the...

CVSS 6.1 · AI score 6.8 · EPSS 0.00379
Exploits: 1 · References: 5
Japan Vulnerability Notes
added 2023/09/05 12:0 a.m. · 55 views

JVN#92720882: Multiple vulnerabilities in CGIs of PMailServer and PMailServer2

CGIs included with PMailServer and PMailServer2 provided by A.K.I Software contain multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-39223 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

CVSS 7.5 · AI score 8.2 · EPSS 0.00975
Exploits: 0
Positive Technologies
added 2023/09/05 12:0 a.m. · 8 views

PT-2023-25592 · Shirasagi · Shirasagi

Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions prior to 1.18.0 Description: A reflected cross-site scripting issue allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This enables the...

CVSS 6.1 · AI score 6.3 · EPSS 0.00412
Exploits: 0 · References: 7
Positive Technologies
added 2023/09/01 12:0 a.m. · 8 views

PT-2023-27085 · Unknown · Free/Open Source Inventory Management System

Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the "Add New...

CVSS 6.1 · AI score 6.7 · EPSS 0.00537
Exploits: 1 · References: 5
Japan Vulnerability Notes
added 2023/08/31 12:0 a.m. · 51 views

JVN#60140221: Multiple vulnerabilities in i-PRO VI Web Client

VI Web Client provided by i-PRO Co., Ltd. is Video Insight’s video management software. VI Web Client contains multiple vulnerabilities listed below. Open Redirect CWE-601 - CVE-2023-38574 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N| Base Score: 4.7...

CVSS 6.1 · AI score 6.1 · EPSS 0.00412
Exploits: 0
Vulnrichment
added 2023/08/28 12:0 a.m. · 8 views

CVE-2023-39578

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field...

AI score 5.6 · EPSS 0.00379
Exploits: 1 · References: 2