Lucene search
K

2049 matches found

Cvelist
Cvelist
added 2021/08/24 11:20 a.m.19 views

CVE-2021-33191 MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol

From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted binary, but might be modified to an arbitrary value through a "c2-update" command. Said command ...

9.6AI score0.04024EPSS
Exploits0References3
Prion
Prion
added 2021/08/12 10:15 p.m.20 views

Cross site scripting

A cross site scripting XSS vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter...

3.5CVSS5.5AI score0.00595EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/08/12 9:7 p.m.58 views

CVE-2020-20990

CVE-2020-20990 is a cross-site scripting (XSS) vulnerability in Domainmod 4.13 that affects the /segments/edit.php Segment Name parameter. The underlying issue is lack of proper validation of user-supplied data, allowing attackers to inject arbitrary web scripts or HTML. The affected component is...

5.4CVSS5.4AI score0.00595EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/12 3:15 p.m.3 views

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

5.4CVSS5.6AI score0.00503EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.3 views

Eyoucms 跨站脚本漏洞

Zanzan Network Technology EyouCms EyouCms is a ThinkPHP-based open source content management system CMS from Zanzan Network Technology in China. version v1.4.1 of Eyoucms has a security vulnerability. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

5.4CVSS6AI score0.005EPSS
Exploits1References1
NVD
NVD
added 2021/07/30 2:15 p.m.19 views

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

4.8CVSS0.00527EPSS
Exploits1References1
NCSC
NCSC
added 2021/07/27 12:0 a.m.6 views

Vulnerability fixed in CheckMK

A vulnerability has been fixed in CheckMK. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application is visited. CheckMK has released updates to fix t...

5.4CVSS6.7AI score0.0172EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/07/19 12:0 a.m.83 views

JVN#86026700: Multiple vulnerabilities in GroupSession

GroupSession provided by Japan Total System Co.,Ltd. contains multiple vulnerabilities listed below. Cross-site scripting vulnerability CWE-79 - CVE-2021-20785 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

6.1CVSS5.6AI score0.00916EPSS
Exploits0
CNVD
CNVD
added 2021/07/13 12:0 a.m.5 views

CSZ CMS Cross-Site Scripting Vulnerability (CNVD-2021-50173)

CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS suffers from a cross-site scripting vulnerability that can be exploited to execute arbitrary web script or HTML via a specially crafted load entered in the "New Article" field under the "Article" plugin...

5.4CVSS6.3AI score0.0045EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.3 views

Codoforum cross-site scripting vulnerability (CNVD-2021-50176)

Codoforum is a set of PHP and MySQL based forum software. A cross-site scripting vulnerability exists in Codoforum version 5.0.2, which can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload with the "Smiley Code" parameter...

5.4CVSS6.3AI score0.00507EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.4 views

moziloCMS Stored Cross-Site Scripting Vulnerability

moziloCMS is open source a content management system CMS. A security vulnerability exists in moziloCMS, which can be exploited by an attacker to execute arbitrary web script or HTML through a specially crafted load by entering the "Content" parameter...

5.4CVSS7.1AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/12 12:0 a.m.8 views

dotCMS Cross-Site Scripting Vulnerability (CNVD-2021-50940)

dotcms is a powerful Content Management System CMS developed in Java. A stored cross-site scripting vulnerability exists in dotCMS version 21.05.1 in dotAdmin//c/cImages, which can be exploited by an attacker to execute arbitrary Web script or HTML via the 'Title' and 'Filename' parameters...

4.8CVSS6.1AI score0.00497EPSS
Exploits1References1
Prion
Prion
added 2021/07/08 4:15 p.m.13 views

Cross site scripting

A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...

4.3CVSS6.2AI score0.0115EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2021/07/08 12:0 a.m.4 views

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is a next-generation identity and access control policy platform that enables organizations to enforce compliance, enhance infrastructure security, and streamline their service operations. A stored cross-site scripting vulnerability exists in the Web management...

4.8CVSS5.7AI score0.00594EPSS
Exploits0References4
NCSC
NCSC
added 2021/07/07 12:0 a.m.5 views

Vulnerability fixed in PRTG Network Monitor

A vulnerability has been fixed in PRTG Network Monitor. A malicious party can exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Paessler has released updat...

5.4CVSS6.2AI score0.0059EPSS
Exploits1
CNVD
CNVD
added 2021/07/05 12:0 a.m.8 views

phplist cross-site scripting vulnerability (CNVD-2021-48517)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited to execute arbitrary Web script or HTML via the "admin" parameter under the "Manage Administrators"...

5.4CVSS6.1AI score0.00528EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.9 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48500)

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

5.4CVSS6AI score0.00473EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/05 12:0 a.m.8 views

LavaLite Cross-Site Scripting Vulnerability (CNVD-2021-48515)

Lavalite is an open source content management system developed using the Laravel framework. A stored cross-site scripting vulnerability exists in the /admin/roles/role component of LavaLite version 5.8.0, which can be exploited by an attacker to execute arbitrary Web script or HTML via the ""New"...

5.4CVSS6AI score0.005EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/02 12:0 a.m.4 views

PhpList 跨站脚本漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist 3.5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary Web script or HTML via the "Campaign" field under the "Send...

5.4CVSS5.6AI score0.00522EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/02 12:0 a.m.10 views

phplist cross-site scripting vulnerability (CNVD-2021-46871)

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Send Test" field under the "Start or Continue Campaig...

5.4CVSS6AI score0.00551EPSS
Exploits1References1
Rows per page
Query Builder