Lucene search
K

2049 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/28 12:0 a.m.32 views

JVN#04785663: Multiple cross-site scripting vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Contents Management CWE-79 - CVE-2023-22438 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVS...

5.4CVSS6AI score0.00692EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:41 p.m.32 views

K17563: Apache Struts vulnerability CVE-2015-2992

Security Advisory Description Arbitrary script can be executed when JSP files are exposed to be accessed directly. Affected versions are Struts 2.0.0 - 2.3.16.3. CVE-2015-2992 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product...

6.1CVSS7AI score0.07203EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/17 12:0 a.m.5 views

CVE-2023-24369

A cross-site scripting XSS vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function...

5.8AI score0.00429EPSS
Exploits1References1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.6 views

JSA10377 - Pulse Policy Secure (PPS): Cross-Site Scripting Vulnerability

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Older software versions of Policy Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by ...

7.2AI score
Exploits0
NVD
NVD
added 2023/02/10 4:15 p.m.8 views

CVE-2023-24234

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

4.8CVSS4.9AI score0.0048EPSS
Exploits0References2
Prion
Prion
added 2023/02/10 4:15 p.m.17 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...

4.3CVSS4.9AI score0.0048EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/02/10 12:0 a.m.5 views

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

4.8CVSS5.7AI score0.0048EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/10 12:0 a.m.4 views

CVE-2023-24233

A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...

5.7AI score0.0048EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/10 12:0 a.m.3 views

Inventory Management System 跨站脚本漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...

4.8CVSS5.7AI score0.0048EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/09 12:0 a.m.5 views

CVE-2023-24322

A reflected cross-site scripting XSS vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters...

5.9AI score0.31714EPSS
Exploits1References3
Prion
Prion
added 2023/01/27 10:15 p.m.15 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages...

4.9CVSS5.2AI score0.00513EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/25 12:0 a.m.7 views

CVE-2022-45730

A cross-site scripting XSS vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function...

5.9AI score0.00503EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/25 12:0 a.m.28 views

AlmaLinux 9 : libreoffice (ALSA-2023:0304)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0304 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme...

8.8CVSS7.8AI score0.04354EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/01/24 7:0 a.m.1 views

EasyMail vulnerable to cross-site scripting

Overview EasyMail provided by First Net Japan Inc. contains a stored cross-site scripting vulnerability CWE-79. Toyama Taku reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed...

6.1CVSS5.8AI score0.00508EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2023/01/24 12:0 a.m.105 views

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

8.8CVSS3.8AI score0.04354EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/24 12:0 a.m.28 views

Oracle Linux 9 : libreoffice (ELSA-2023-0304)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0304 advisory. 7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option...

8.8CVSS7.4AI score0.04354EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.35 views

RHEL 9 : libreoffice (RHSA-2023:0304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

8.8CVSS7.6AI score0.04354EPSS
Exploits0References11
AlmaLinux
AlmaLinux
added 2023/01/23 12:0 a.m.27 views

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

8.8CVSS8AI score0.04354EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2023/01/20 12:0 a.m.3 views

CVE-2022-41441

Multiple cross-site scripting XSS vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters...

6.2AI score0.05302EPSS
Exploits3References4
Oracle linux
Oracle linux
added 2023/01/18 12:0 a.m.71 views

libreoffice security update

6.4.7.2-12.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-12 - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys -...

8.8CVSS3.8AI score0.04354EPSS
Exploits0
Rows per page
Query Builder