Lucene search
K

2049 matches found

OSV
OSV
added 2021/07/01 9:15 p.m.15 views

CVE-2020-23207

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...

5.4CVSS5.5AI score
Exploits0References1
Prion
Prion
added 2021/07/01 9:15 p.m.18 views

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add a list" field under the "Import Emails" module...

3.5CVSS5.3AI score0.00558EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/07/01 9:15 p.m.17 views

Cross site scripting

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...

3.5CVSS5.3AI score0.00551EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/07/01 12:0 a.m.4 views

PhpList 跨站脚本漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A stored cross-site scripting vulnerability exists in phplist version 3.5.3. The vulnerability can be exploited to execute arbitrary web script or HTML via the "Add List" field under the "Import Email" module...

5.4CVSS5.5AI score0.00558EPSS
Exploits1References3
CNVD
CNVD
added 2021/06/29 12:0 a.m.6 views

Zammad cross-site scripting vulnerability (CNVD-2021-50125)

Zammad is a Web-based open source helpdesk/customer support system. A cross-site scripting vulnerability exists in Zammad. A remote attacker can exploit this vulnerability to execute arbitrary web script or HTML via the "user-avatar" attribute...

6.1CVSS6.3AI score0.00833EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.3 views

WordPress plugin Admin Columns 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS5.8AI score0.00997EPSS
Exploits1References3
Exploit DB
Exploit DB
added 2021/06/10 12:0 a.m.411 views

TextPattern CMS 4.8.7 - Stored Cross-Site Scripting (XSS)

Exploit Title: TextPattern CMS 4.8.7 - Stored Cross-Site Scripting XSS Date: 2021/09/06 Exploit Author: Mert Daş [email protected] Software Link: https://textpattern.com/filedownload/113/textpattern-4.8.7.zip Software web: https://textpattern.com/ Tested on: Server: Xampp TextPattern is pron...

7.4AI score
Exploits0
CNVD
CNVD
added 2021/06/02 12:0 a.m.7 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-39688)

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

4.8CVSS6.5AI score0.00534EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/06/01 12:0 a.m.5 views

The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

7.2CVSS7AI score0.00569EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/06/01 12:0 a.m.4 views

CMS Made Simple 跨站脚本漏洞

CMS Made Simple is a simple, easy-to-use content management system developed using PHP, MySQL and Smarty template engine. A cross-site scripting vulnerability exists in the "Setup News" module in the admin panel of CMS Made Simple version 2.2.14. An attacker can exploit this vulnerability to...

4.8CVSS5.6AI score0.00534EPSS
Exploits1References1
OSV
OSV
added 2021/05/10 10:15 a.m.21 views

CVE-2021-20717

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

6.1CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2021/05/10 10:15 a.m.21 views

Cross site scripting

Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...

4.3CVSS6.2AI score0.02308EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/03/29 12:0 a.m.6 views

SourceForge Kagemai Cross-Site Scripting Vulnerability (CNVD-2021-24011)

SourceForge Organization kagemai is an application of the Japanese open source SourceForge Organization . A Web-based bug tracking system BTS. Kagemai 0.8.6 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary script in a user's web browser...

6.1CVSS6.5AI score0.00756EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/26 12:0 a.m.69 views

JVN#64869876: Multiple vulnerabilities in baserCMS

baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

9CVSS6.6AI score0.02475EPSS
Exploits0
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.17 views

WonderLink Yomi-Search 跨站脚本漏洞

WonderLink Yomi-Search is a WonderLink application. A versatile search engine. A cross-site scripting vulnerability exists in version 4.22 of Yomi-Search Ver4.22, which originates from the ability to execute arbitrary script on the web browser of a user accessing a website that uses Yomi-Search. ...

6.1CVSS8.4AI score0.00756EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:46 a.m.3 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a stored cross-site scripting vulnerability CWE-79 which allows an unintended script execution on the web browser of the user w...

6.1CVSS5.9AI score0.00756EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/03/25 8:43 a.m.3 views

Kagemai vulnerable to cross-site scripting

Overview Kagemai provided by daifukuya.com is a bug tracking system to share bug information of the software being developed among its development team. Kagemai contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved...

6.1CVSS6AI score0.00756EPSS
Exploits0References4
CNVD
CNVD
added 2021/03/09 12:0 a.m.4 views

WESEEK GROWI cross-site scripting vulnerability (CNVD-2021-16350)

GROWI is a team collaboration software. A stored cross-site scripting vulnerability exists in WESEEK GROWI 4.2.2 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's browser by sending specially crafted content...

5.4CVSS6.4AI score0.0065EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/24 12:0 a.m.7 views

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability

Aruba ClearPass Policy Manager is a network access control NAC solution. A reflective cross-site scripting vulnerability in the client portal interface of Aruba ClearPass Policy Manager versions prior to 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute arbitrary script...

6.1CVSS6.6AI score0.00802EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/24 12:0 a.m.9 views

Aruba ClearPass Policy Manager Cross-Site Scripting Vulnerability (CNVD-2021-13473)

Aruba ClearPass Policy Manager is a network access control NAC solution. A stored cross-site scripting vulnerability in the ClearPass web administration interface in versions prior to Aruba ClearPass Policy Manager 6.9.5, 6.8.8-HF1, and 6.7.14-HF1 can be exploited by an attacker to execute...

6.1CVSS6.4AI score0.00873EPSS
Exploits0References1
Rows per page
Query Builder