Lucene search
K

2049 matches found

Vulnrichment
Vulnrichment
added 2023/05/25 12:0 a.m.6 views

CVE-2023-33751

A stored cross-site scripting XSS vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php...

5.3AI score0.004EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/05/24 8:15 p.m.5 views

CVE-2023-33793

A stored cross-site scripting XSS vulnerability in the Create Power Panels /dcim/power-panels/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS6.2AI score0.00394EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/05/24 12:0 a.m.8 views

CVE-2023-33829

A stored cross-site scripting XSS vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field...

5.4AI score0.07258EPSS
Exploits7References3
Vulnrichment
Vulnrichment
added 2023/05/24 12:0 a.m.8 views

CVE-2023-31457

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 22.24.1500.0 and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control...

9.7AI score0.00986EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.5 views

Mitel MiVoice Connect 安全漏洞

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A security vulnerability exists in Mitel MiVoice Connect version 19.3 SP2 and prior versions that stems from improper access control and allows an unauthenticate...

9.8CVSS8.7AI score0.00986EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.3 views

Mitel MiVoice Connect 跨站脚本漏洞

Mitel MiVoice Connect is Mitel Canada's software for centralized management of Mitel Networks' call processing and collaboration tools. A cross-site scripting vulnerability exists in Mitel MiVoice Connect 19.3 SP2 and prior versions, which originated from a vulnerability that allows an...

7.4CVSS7.3AI score0.00624EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.2 views

NetBox 跨站脚本漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from a security issue in the Create Tenants /tenancy/tenants/ feature, and can b...

5.4CVSS6.1AI score0.00415EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.5 views

NetBox 跨站脚本漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from a security issue in the Create Contacts /tenancy/contacts/ function, and ca...

5.4CVSS6.1AI score0.00394EPSS
Exploits1References2
NVD
NVD
added 2023/05/23 2:15 a.m.12 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

5.4CVSS5.7AI score0.00508EPSS
Exploits0References3
Prion
Prion
added 2023/05/23 2:15 a.m.15 views

Design/Logic Flaw

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

4.9CVSS6.6AI score0.00508EPSS
Exploits0References3
Prion
Prion
added 2023/05/23 1:15 a.m.15 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

5.8CVSS5.9AI score0.012EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2023/05/23 12:0 a.m.64 views

CVE-2023-22654

CVE-2023-22654 affects T&D Corporation and ESPEC MIC CORP. data loggers: TR-71W/72W, RTR-5W, WDR-7, WDR-3, WS-2; RT-12N/RS-12N, RT-22BN, TEU-12N. Issue: client-side enforcement of server-side security may allow arbitrary script execution in a logged-in user’s browser. Impact details are limited t...

5.4CVSS5.7AI score0.00508EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/05/23 12:0 a.m.22 views

CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products TR-71W/7...

6.9AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.5 views

PT-2023-18606 · T&D +1 · Tr-71W/72W +7

Name of the Vulnerable Software and Affected Versions: T&D Corporation data logger products TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions ESPEC MIC CORP. data logger products RT-12N/RS-12N a...

5.4CVSS5.6AI score0.00508EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2023/05/23 12:0 a.m.8 views

CVE-2023-31664

A reflected cross-site scripting XSS vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter...

5.9AI score0.012EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/05/19 12:0 a.m.3 views

Dassault Systèmes 3DEXPERIENCE 跨站脚本漏洞

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2018x through R2023x, which originates from a vulnerability that allows an attacker to execute arbitrary scri...

6.1CVSS6.2AI score0.00353EPSS
Exploits0References2
CNVD
CNVD
added 2023/05/18 12:0 a.m.24 views

Pimcore Cross-Site Scripting Vulnerability (CNVD-2023-41505)

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...

6.3CVSS6.2AI score0.00479EPSS
Exploits1References1
CNVD
CNVD
added 2023/05/17 12:0 a.m.6 views

Personnel Property Equipment System Cross-Site Scripting Vulnerability

Personnel Property Equipment System is a personnel property equipment management system by Jon Remus Sevellejo personal developer. A cross-site scripting vulnerability exists in Personnel Property Equipment System v1.0, which stems from the lack of effective filtering and escaping of user-supplie...

5.4CVSS6.2AI score0.00636EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/05/17 12:0 a.m.2 views

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source CRM system for churches. A cross-site scripting vulnerability exists in ChurchCRM v4.5.4. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web scrip...

4.8CVSS6.1AI score0.01508EPSS
Exploits3References4
Vulnrichment
Vulnrichment
added 2023/05/16 12:0 a.m.6 views

CVE-2023-31544

A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...

5.5AI score0.00403EPSS
Exploits1References2
Rows per page
Query Builder