2049 matches found

Hacker One
added 2021/10/23 7:43 p.m. | 13 views

Rocket.Chat: XSS in various MessageTypes

The Rocket.Chat vulnerability allowed arbitrary script execution in the receiving frontend client through the rendering of messages of various MessageTypes. The vulnerability affected versions 3.18.2 and 4.0.3. The issue was caused by the lack of sanitization of message parameters rendered from...

AI score 7.3
Exploits: 0
OSV
added 2021/10/22 8:15 p.m. | 3 views

CVE-2020-36499

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...

CVSS 5.4 | AI score 5.9 | EPSS 0.00551
Exploits: 1 | References: 1
Prion
added 2021/10/22 8:15 p.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

CVSS 3.5 | AI score 5.5 | EPSS 0.00562
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2021/10/22 8:15 p.m. | 8 views

Cross site scripting

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

CVSS 3.5 | AI score 5.3 | EPSS 0.00551
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2021/10/22 12:0 a.m. | 5 views

Fork CMS Cross-Site Scripting Vulnerability

Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork CMS Content Management System version 5.8.0, which can be exploited by an attacker to...

CVSS 5.4 | AI score 5.5 | EPSS 0.00576
Exploits: 1 | References: 2
CNNVD
added 2021/10/22 12:0 a.m. | 2 views

Sugarcrm SugarCRM Cross-Site Scripting Vulnerability

Sugarcrm SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM (Sugarcrm), USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales representatives. SugarC...

CVSS 5.4 | AI score 6 | EPSS 0.00562
Exploits: 1 | References: 2
Cvelist
added 2021/09/29 9:29 p.m. | 22 views

CVE-2020-20131

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module...

AI score 5.3 | EPSS 0.00576
Exploits: 1 | References: 1
CNNVD
added 2021/09/29 12:0 a.m. | 5 views

LaraCms Cross-Site Scripting Vulnerability

LaraCms is a modern content management system in China. Version 1.0.1 of LaraCMS contains a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary web scripts or HTML via specially crafted payloads in the content editor...

CVSS 5.4 | AI score 5.7 | EPSS 0.00576
Exploits: 1 | References: 1
CNVD
added 2021/09/28 12:0 a.m. | 8 views

Gila CMS Cross-Site Scripting Vulnerability (CNVD-2021-84285)

Gila CMS is an open source content management system (CMS) based on PHP and MySQL. Gila CMS suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload in a markup field...

CVSS 5.4 | AI score 6.3 | EPSS 0.00477
Exploits: 1 | References: 1
OSV
added 2021/09/27 10:15 p.m. | 18 views

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

CVSS 6.5 | AI score 7.2
Exploits: 0 | References: 1
CNNVD
added 2021/09/27 12:0 a.m. | 5 views

Monstra CMS Code Issue Vulnerability

Monstra CMS is a lightweight PHP-based content management system (CMS) from the Ukrainian personal developer Sergey Romanenko. A code issue vulnerability exists in Monstra CMS v3.0.4, which could be exploited by attackers to execute arbitrary web scripts or HTML...

CVSS 6.5 | AI score 7 | EPSS 0.00896
Exploits: 1 | References: 1
OSV
added 2021/09/09 11:15 p.m. | 13 views

CVE-2020-19283

A reflected cross-site scripting (XSS) vulnerability in the /newVersion component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 2
NVD
added 2021/09/09 6:15 p.m. | 11 views

CVE-2020-19266

A stored cross-site scripting (XSS) vulnerability in the index.php/Dswjcms/Site/articleList component of Dswjcms 1.6.4 allows attackers to execute arbitrary web scripts or HTML...

CVSS 6.1 | EPSS 0.00621
Exploits: 1 | References: 1
CNNVD
added 2021/09/09 12:0 a.m. | 4 views

Dswjcms Cross-Site Scripting Vulnerability

Dswjcms is a free open source P2P project launched for individuals and personal lending. It is an industry system based on the ThinkPHP architecture, with a fully automated installation mode for quickly building a P2P website. A cross-site scripting vulnerability exists in Dswjcms version 1.6.4, the...

CVSS 6.1 | AI score 6.3 | EPSS 0.00621
Exploits: 1 | References: 2
CNNVD
added 2021/09/09 12:0 a.m. | 5 views

Jeesns Cross-Site Scripting Vulnerability

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web script or HTML via a specially crafted payload in the editor's source field...

CVSS 5.4 | AI score 6 | EPSS 0.0054
Exploits: 1 | References: 3
CNNVD
added 2021/08/31 12:0 a.m. | 3 views

Nature Easy Soft Network Technology ZenTao Cross-Site Scripting Vulnerability

Nature Easy Soft Network Technology ZenTao is open source project management software from China's Easy Soft Tianchuang Network Technology (Nature Easy Soft Network Technology) company. The software includes features such as product management, project management, quality management and document...

CVSS 6.1 | AI score 6.4 | EPSS 0.00838
Exploits: 1 | References: 1
OSV
added 2021/08/30 6:15 p.m. | 3 views

CVE-2020-18126

Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allow attackers to execute arbitrary web scripts or HTML...

CVSS 5.4 | AI score 5.9 | EPSS 0.00503
Exploits: 1 | References: 1
Huntr
added 2021/08/28 11:3 p.m. | 13 views

Cross-site Scripting (XSS) - Stored in namelessmc/nameless

✍️ Description Stored XSS in google analytics. 🕵️‍♂️ Proof of Concept 1. goto 'http://localhost/Nameless/index.php?route=/panel/core/seo/' logged in as admin. 2. enter "G-XXXXXXXX'; javascript:alert1; alert1; instead will cause any admin who visits the SEO page to have the java script activated on...

AI score 1.3
Exploits: 0
Tenable Nessus
added 2021/08/26 12:0 a.m. | 40 views

Atlassian JIRA < 8.5.14 / 8.6.x < 8.13.6 / 8.14.x < 8.16.1 XSS (JRASERVER-72392)

According to its self-reported version number, the instance of Atlassian JIRA hosted on the remote web server is affected by a cross-site scripting vulnerability in the number range searcher component due to improper validation of user-supplied input before returning it to users. An...

CVSS 6.1 | AI score 6.4 | EPSS 0.03841
Exploits: 4 | References: 2
Japan Vulnerability Notes
added 2021/08/25 12:0 a.m. | 71 views

JVN#97545738: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Cross-site scripting vulnerability in Search screen CWE-79 - CVE-2021-20808

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | Base Score: 6.1
CVSS...

CVSS 6.1 | AI score 6.5 | EPSS 0.00904
Exploits: 0