Lucene search
K

2049 matches found

RedhatCVE
RedhatCVE
added 2022/10/14 5:29 a.m.109 views

CVE-2022-3140

A vulnerability was found in LibreOffice that affects the Office URI Schemes. These schemes enable browser integration of LibreOffice with the MS SharePoint server. In LibreOffice, the links using the scheme 'vnd.libreoffice.command' could be constructed to call internal macros with arbitrary...

5.3CVSS2.2AI score0.04354EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/10/13 12:0 a.m.4 views

CVE-2022-35612

A cross-site scripting XSS vulnerability in MQTTRoute v3.3 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the dashboard name text field...

5.3AI score0.00438EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/10/13 12:0 a.m.31 views

Debian DSA-5252-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5252 advisory. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific t...

6.3CVSS6.6AI score0.04354EPSS
Exploits0References5
NVD
NVD
added 2022/10/11 9:15 p.m.14 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS0.04354EPSS
Exploits0References5
OSV
OSV
added 2022/10/11 9:15 p.m.6 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS7.2AI score0.04354EPSS
Exploits0References5
Prion
Prion
added 2022/10/11 9:15 p.m.137 views

Design/Logic Flaw

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.8CVSS6.3AI score0.04354EPSS
Exploits0References5Affected Software3
ATTACKERKB
ATTACKERKB
added 2022/10/11 9:15 p.m.5 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS6.7AI score0.04354EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/10/11 9:15 p.m.2 views

UBUNTU-CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS7.3AI score0.04354EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/10/11 12:0 a.m.22 views

CVE-2022-3140 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

7.5AI score0.04354EPSS
Exploits0References5
CVE
CVE
added 2022/10/11 12:0 a.m.1398 views

CVE-2022-3140

CVE-2022-3140 affects The Document Foundation LibreOffice: 7.4.x before 7.4.1 and 7.3.x before 7.3.6. Root cause is insufficient validation of the vnd.libreoffice.command URI scheme, which could be used to call internal macros with arbitrary arguments. When a user clicks the crafted link or a doc...

6.3CVSS7.3AI score0.04354EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2022/10/11 12:0 a.m.117 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS6AI score0.04354EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/10/11 12:0 a.m.44 views

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal...

6.3CVSS7.5AI score0.04354EPSS
Exploits0
CNNVD
CNNVD
added 2022/10/07 12:0 a.m.3 views

Total Avengers Totaljs Framework 跨站脚本漏洞

Total Avengers Totaljs Framework is a Javascript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHPs Laravel, Pythons Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...

5.4CVSS6.1AI score0.00632EPSS
Exploits1References4
Prion
Prion
added 2022/10/06 6:16 p.m.14 views

Cross site scripting

A cross-site scripting XSS vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the ServiceTemplates servicealias parameter...

4.9CVSS5.3AI score0.00616EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2022/09/30 12:0 a.m.9 views

BookStack 跨站脚本漏洞

BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A cross-site scripting vulnerability exists in versions prior to BookStack v22.09. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...

5.4CVSS5.9AI score0.00692EPSS
Exploits0References5
NVD
NVD
added 2022/09/22 1:15 a.m.18 views

CVE-2022-28980

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...

6.1CVSS0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/09/22 12:13 a.m.4 views

CVE-2022-28980

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...

6.2AI score0.00357EPSS
Exploits0References2
OSV
OSV
added 2022/09/21 6:15 p.m.4 views

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

6.1CVSS5.9AI score0.00666EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/09/21 5:11 p.m.9 views

CVE-2022-40027

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...

6.1AI score0.00666EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/09/19 10:51 p.m.5 views

CVE-2022-38550

A stored cross-site scripting XSS vulnerability in the /weibo/list component of Jeesns v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.6AI score0.0038EPSS
Exploits1References1
Rows per page
Query Builder