Lucene search
K

2049 matches found

CNNVD
CNNVD
added 2022/09/19 12:0 a.m.2 views

OPSWAT MetaDefender ICAP Server 跨站脚本漏洞

OPSWAT MetaDefender ICAP Server is an advanced threat protection software for network traffic from OPSWAT, USA. It is used to protect systems and users by examining every file transmitted over a network. A security vulnerability exists in OPSWAT MetaDefender ICAP Server versions prior to 4.13.0. ...

5.4CVSS6.2AI score0.00395EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/15 12:0 a.m.39 views

JVN#21213852: Multiple vulnerabilities in EC-CUBE

EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Directory traversal vulnerability CWE-22 - CVE-2022-40199 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N| Base Score: 2.7 CVSS v2| AV:N/AC:L/Au:S/C:P/I:N/A:N| Base Score:...

5.4CVSS4.8AI score0.01028EPSS
Exploits0
Cvelist
Cvelist
added 2022/08/25 6:46 p.m.17 views

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...

6AI score0.00413EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/08/17 9:15 p.m.27 views

CVE-2022-35133

A cross-site scripting XSS vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...

6.1CVSS6.5AI score0.00421EPSS
Exploits0References2
NVD
NVD
added 2022/08/02 3:15 p.m.7 views

CVE-2022-34618

A stored cross-site scripting XSS vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field...

5.4CVSS0.00675EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.6 views

Veeam Management Pack for Microsoft System Center 跨站脚本漏洞

Veeam Management Pack for Microsoft System Center is an ultra-comprehensive and intuitive extension for System Center from Veeam USA. It supports application-to-host management of VMware vSphere, Microsoft Hyper-V and Veeam Backup & Replication. A security vulnerability exists in Veeam Management...

6.1CVSS6.6AI score0.00462EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/06 8:30 p.m.20 views

CVE-2022-20815 Cisco Unified Communications Products Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM, Cisco Unified CM Session Management Edition Unified CM SME, and Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P could allow an unauthenticated, remote attacker to...

6.1CVSS6.2AI score0.00656EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.5 views

Zoo Management System 跨站脚本漏洞

PHPGURUKUL Zoo Management System is a zoo management system by Phpgurukul team. A cross-site scripting vulnerability exists in Zoo Management System v1.0, which stems from a lack of checksum filtering of user-supplied data and output in the Add Category feature. The vulnerability can be exploited...

5.4CVSS5.6AI score0.00682EPSS
Exploits2References4
Prion
Prion
added 2022/06/27 11:15 p.m.17 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file...

3.5CVSS4.9AI score0.00648EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/06/23 5:15 p.m.18 views

CVE-2022-33113

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...

5.4CVSS7AI score
Exploits0References1
OSV
OSV
added 2022/06/06 11:15 p.m.3 views

CVE-2022-29296

A reflected cross-site scripting XSS vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS6.5AI score0.02363EPSS
Exploits3References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/06/01 4:39 a.m.3 views

WordPress Plugin "Modern Events Calendar Lite" vulnerable to cross-site scripting

Overview WordPress Plugin "Modern Events Calendar Lite" provided by Webnus contains a stored cross-site scripting vulnerability CWE-79. Tsutomu Aramaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

5.4CVSS5.9AI score0.00525EPSS
Exploits0References5
Prion
Prion
added 2022/05/27 2:15 p.m.15 views

Cross site scripting

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...

4.3CVSS5.9AI score0.00685EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/05/25 1:15 a.m.13 views

Cross site scripting

A cross-site scripting XSS vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin...

4.3CVSS5.9AI score0.00734EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/05/24 7:1 p.m.13 views

GHSA-C8MX-43CQ-993W EC-CUBE Cross-site scripting vulnerability

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1CVSS6.1AI score0.02308EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/17 12:0 a.m.3 views

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is an application of Aruba, Inc. that provides a secure access management system for wireless networks. cross-site scripting is present in Aruba ClearPass Policy Manager versions 6.10.4 and earlier, 6.9.9 and earlier, and 6.8.9-HF2 and earlier. vulnerability. An...

5.4CVSS5.7AI score0.0053EPSS
Exploits0References2
Snyk
Snyk
added 2022/05/14 1:36 a.m.5 views

Cross-site Scripting (XSS)

Overview modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

6.1CVSS5.5AI score0.00861EPSS
Exploits1References2
OSV
OSV
added 2022/05/09 6:15 p.m.3 views

CVE-2022-27308

A stored cross-site scripting XSS vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title...

5.4CVSS6.2AI score
Exploits0References3
CVE
CVE
added 2022/05/03 8:1 p.m.74 views

CVE-2022-27330

CVE-2022-27330 describes a cross-site scripting (XSS) vulnerability in the E-Commerce Website v1.0, exploitable through a crafted payload injected into the Product Title field when using the admin URL /public/admin/index.php?add_product. The vulnerability allows execution of arbitrary web scripts...

5.4CVSS5.2AI score0.00538EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/04/04 9:15 p.m.20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in TPCMS v3.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Phone text box...

3.5CVSS4.9AI score0.00435EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder