2049 matches found

CNNVD
added 2023/08/25 12:0 a.m., 3 views

Tenda AC23 Input Validation Error Vulnerability

Tenda AC23 is a home dual-band wireless router launched by Tenda, focusing on large home coverage and high-speed transmission, supporting 802.11ac Wave2 technology, dual-band concurrent rate up to 2033Mbps. The Tenda AC23 suffers from a stack buffer overflow vulnerability that stems from the...

8.8 CVSS, 7.6 AI score, 0.00787 EPSS
Exploits: 1, References: 2
CNNVD
added 2023/08/21 12:0 a.m., 4 views

LuxSoft LuxCal Web Calendar Cross-Site Scripting Vulnerability

LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar that stems from the presence of a cross-site scripting (XSS) vulnerability. An attacker can exploit the vulnerability to...

6.1 CVSS, 6.8 AI score, 0.00528 EPSS
Exploits: 0, References: 5
OSV
added 2023/08/17 5:21 p.m., 30 views

CVE-2023-37914 Privilege escalation (PR)/RCE from account through Invitation subject/message

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view Invitation.WebHome can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to...

9.9 CVSS, 8.9 AI score, 0.01535 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2023/08/14 12:0 a.m., 10 views

CVE-2023-32748

The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 22.24.1500.0 could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

7.7 AI score, 0.00901 EPSS
Exploits: 0, References: 2
CVE
added 2023/08/10 12:0 a.m., 142 views

CVE-2023-37625

CVE-2023-37625 describes a stored cross-site scripting (XSS) vulnerability in NetBox v3.4.7, exploitable via a crafted payload injected into the Custom Link templates. The available sources (NVD/OSV, etc.) consistently identify the affected software as NetBox 3.4.7 and the vulnerability as stored...

5.4 CVSS, 5.2 AI score, 0.00593 EPSS
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2023/07/24 7:15 p.m., 17 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

5.8 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2023/07/24 12:0 a.m., 44 views

CVE-2023-37613

CVE-2023-37613 describes an XSS vulnerability in Assembly Software Trialworks v11.4, where an attacker can inject a crafted payload into the asset src parameter to execute arbitrary web scripts/HTML in the victim’s browser. The connected sources consistently identify the affected product/version ...

6.1 CVSS, 5.9 AI score, 0.0038 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2023/07/24 12:0 a.m., 7 views

CVE-2023-37613

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter...

5.8 AI score, 0.0038 EPSS
Exploits: 1, References: 2
CNNVD
added 2023/07/24 12:0 a.m., 5 views

Assembly Software Trialworks Cross-Site Scripting Vulnerability

Assembly Software Trialworks is a feature-rich legal case management platform built by experienced trial attorneys from Assembly Software USA. A security vulnerability exists in Assembly Software Trialworks version v11.4, which stems from the presence of a cross-site scripting (XSS) vulnerability...

6.1 CVSS, 6.2 AI score, 0.0038 EPSS
Exploits: 1, References: 3
NVD
added 2023/07/13 5:15 p.m., 15 views

CVE-2023-37785

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...

4.8 CVSS, 0.00395 EPSS
Exploits: 1, References: 1
Prion
added 2023/07/13 5:15 p.m., 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smilecode parameter of the component /editprofile.php...

4.3 CVSS, 4.9 AI score, 0.00395 EPSS
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2023/07/13 12:0 a.m., 16 views

CVE-2023-37746

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component...

5.8 AI score, 0.00314 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/07/13 12:0 a.m., 13 views

Discourse Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which ca...

6.8 CVSS, 6.1 AI score, 0.00347 EPSS
Exploits: 0, References: 2
CVE
added 2023/07/11 6:19 p.m., 64 views

CVE-2023-37280

Pimcore Admin Classic Bundle (ExtJS-based Backend UI) contains a cross-site scripting vulnerability (CVE-2023-37280) that can be exploited by any admin who has not set up two-factor authentication, without extra privileges. The issue allows execution of arbitrary scripts/HTML content via the admi...

6.1 CVSS, 6.1 AI score, 0.00535 EPSS
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2023/07/10 12:0 a.m., 5 views

EyouCms Cross-Site Scripting Vulnerability (CNVD-2023-58096)

EyouCms is an open source content management system (CMS) based on ThinkPHP. EyouCms has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the Column management module, which can be exploited by an attacker to execute arbitrar...

5.4 CVSS, 6.2 AI score, 0.00297 EPSS
Exploits: 1, References: 1
CNVD
added 2023/07/10 12:0 a.m., 32 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2023-62934)

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

4.9 CVSS, 6.3 AI score, 0.00517 EPSS
Exploits: 0
CNNVD
added 2023/07/10 12:0 a.m., 4 views

Hostel Management System Cross-Site Scripting Vulnerability

PHPGurukul Hostel Management System is a hostel management system. A security vulnerability exists in Hostel Management System version v2.1, which can be exploited to execute arbitrary web script or HTML via the add course drop-down menu...

4.8 CVSS, 5.7 AI score, 0.00495 EPSS
Exploits: 1, References: 3
OSV
added 2023/07/06 3:15 p.m., 4 views

CVE-2023-37136

A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS, 5.9 AI score, 0.00325 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2023/07/06 3:15 p.m., 5 views

CVE-2023-37134

A stored cross-site scripting (XSS) vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS, 6.2 AI score, 0.00325 EPSS
Exploits: 1, References: 2
OSV
added 2023/07/06 3:15 p.m., 3 views

CVE-2023-37135

A stored cross-site scripting (XSS) vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4 CVSS, 5.9 AI score, 0.00297 EPSS
Exploits: 1, References: 1