Lucene search
K

2049 matches found

Prion
Prion
added 2023/07/06 3:15 p.m.20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Basic Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.2AI score0.00325EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/07/06 3:15 p.m.19 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

4.9CVSS5.2AI score0.00297EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/07/06 2:15 a.m.18 views

Cross site scripting

A cross-site scripting XSS vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field...

4.9CVSS5.3AI score0.00443EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.4 views

Bagecms 跨站脚本漏洞

BageCMS is a cross-platform content management system CMS based on PHP and MySQL by the BageCMS team in China. A cross-site scripting vulnerability exists in BageCMS v3.1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the custom settings module, and can ...

5.4CVSS6.2AI score0.00297EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/07/05 6:15 p.m.4 views

CVE-2023-33335

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

6.1CVSS5.8AI score0.00513EPSS
Exploits0References3
Prion
Prion
added 2023/07/05 6:15 p.m.21 views

Cross site scripting

Cross Site Scripting XSS in Sophos Sophos iView The EOL was December 31st 2020 in grpname parameter that allows arbitrary script to be executed...

5.8CVSS6AI score0.00513EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/07/05 9:0 a.m.46 views

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

9.8CVSS6.8AI score0.85689EPSS
Exploits10
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.4 views

Sophos iView 跨站脚本漏洞

Sophos iView is a solution from Sophos UK. A security vulnerability exists in Sophos iView that stems from the presence of cross-site scripting XSS, which allows the execution of arbitrary scripts...

6.1CVSS6.2AI score0.00513EPSS
Exploits0References2
NVD
NVD
added 2023/06/29 9:15 p.m.23 views

CVE-2023-36469

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...

9.9CVSS9.9AI score0.82376EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/06/28 12:0 a.m.4 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. Church CRM version v4.5.3 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script ...

6.1CVSS6.1AI score0.00498EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/27 12:0 a.m.5 views

DzzOffice 跨站脚本漏洞

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk DzzOffice. The platform can be used to provide online documents, forms, webstores, presentations, and other features. A security vulnerability exists in DzzOffice version...

6.1CVSS6.7AI score0.00596EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/06/22 12:0 a.m.26 views

JVN#97818024: Multiple vulnerabilities in Pleasanter

Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability CWE-79 - CVE-2023-32607 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N| Base...

6.5CVSS6.5AI score0.01158EPSS
Exploits0
OSV
OSV
added 2023/06/19 4:15 a.m.5 views

CVE-2023-34657

A stored cross-site scripting XSS vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the webrecordnum parameter...

4.8CVSS5.9AI score0.00351EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/06/16 12:0 a.m.4 views

Wolters Kluwer TeamMate+ 跨站脚本漏洞

Wolters Kluwer TeamMate+ is a financial audit management software from Wolters Kluwer, a Dutch company. A security vulnerability exists in Wolters Kluwer TeamMate+ version 35.0.11.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...

5.4CVSS6.1AI score0.0052EPSS
Exploits1References3
CNVD
CNVD
added 2023/06/07 12:0 a.m.5 views

miniCal Cross-Site Scripting Vulnerability

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

5.4CVSS6.3AI score0.00548EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.4 views

miniCal 跨站脚本漏洞

miniCal is miniCal open source an open source PMS. miniCal version 1.0.0 cross-site scripting vulnerability can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload...

5.4CVSS6.2AI score0.00548EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/05/31 12:0 a.m.9 views

CVE-2023-33736

A stored cross-site scripting XSS vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter...

5.5AI score0.00398EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.2 views

Pleasanter 跨站脚本漏洞

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter. A security vulnerability exists in Pleasanter 1.3.38.1 and earlier versions, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary scripts on a...

5.4CVSS5.8AI score0.00671EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2023/05/31 12:0 a.m.13 views

CVE-2023-31548

A stored Cross-site scripting XSS vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.8AI score0.01248EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/05/25 12:0 a.m.7 views

CVE-2023-33750

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd...

5.3AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder