Lucene search
K

2049 matches found

NCSC
NCSC
added 2021/02/10 12:0 a.m.2 views

Vulnerabilities fixed in Xerox WorkCentre

Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/11/04 9:8 p.m.43 views

Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...

8.1CVSS0.7AI score0.01016EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/11/04 9:8 p.m.12 views

GHSA-WPWW-4JF4-4HX8 Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...

7.3CVSS7.6AI score0.01016EPSS
Exploits0References4
Cisco
Cisco
added 2020/11/04 4:0 p.m.39 views

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based...

4.8CVSS4.9AI score0.00609EPSS
Exploits0References1
CNVD
CNVD
added 2020/11/04 12:0 a.m.7 views

Cisco Adaptive Security Appliance Cross-Site Scripting Vulnerability (CNVD-2021-44674)

Cisco Adaptive Security Appliance is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. A cross-site scripting vulnerability exists in the Cisco Adaptive Security...

6.1CVSS6.6AI score0.00823EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/10/30 7:10 p.m.31 views

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

8.7CVSS2.2AI score0.0099EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/10/30 7:10 p.m.15 views

GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

7.7CVSS8.2AI score0.0099EPSS
Exploits0References4
CNVD
CNVD
added 2020/10/26 12:0 a.m.1 views

WordPress Plugin Colorbox Lightbox Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Colorbox Lightbox. An...

6.6AI score
Exploits0References1
Cvelist
Cvelist
added 2020/10/08 4:20 a.m.33 views

CVE-2020-3589 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the...

4.8CVSS4.9AI score0.00609EPSS
Exploits0References1
CNVD
CNVD
added 2020/08/31 12:0 a.m.3 views

BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-49572)

BaserCMS is an open source enterprise-level content management system cms. BaserCMS 4.3.6 and earlier versions of contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree. A cross-site scripting vulnerability exists in the js component. An...

7.3CVSS6.6AI score0.01011EPSS
Exploits0References1
OSV
OSV
added 2020/08/28 8:48 p.m.15 views

GHSA-CPXC-67RC-C775 Cross Site Scripting in baserCMS

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...

7.3CVSS6.8AI score0.01011EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/21 5:34 a.m.2 views

Multiple cross-site scripting vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Stored cross-site scripting vulnerability in upload files CWE-79 - CVE-2020-5620 Ryoya Koyama of...

5.4CVSS6.1AI score0.00664EPSS
Exploits0References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/08/21 12:0 a.m.50 views

JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

5.4CVSS5.8AI score0.00664EPSS
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2020/05/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2017-7391

A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

6.1CVSS6.6AI score0.08173EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/08 5:51 p.m.20 views

CVE-2018-21055

An issue was discovered on Samsung mobile devices with N7.0 Qualcomm models using MSM8996 chipsets software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 September 2018...

9.7AI score0.00831EPSS
Exploits0References1
OSV
OSV
added 2019/12/26 4:15 p.m.3 views

CVE-2019-6034

a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...

6.1CVSS6.4AI score0.00655EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/20 12:0 a.m.120 views

JVN#10377257: Multiple vulnerabilities in a-blog cms

a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3...

6.1CVSS6.7AI score0.00781EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2019/12/12 12:0 a.m.76 views

JVN#26847507: Multiple vulnerabilities in "Custom Body Class"

WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...

8.8CVSS7.5AI score0.00937EPSS
Exploits0
CNVD
CNVD
added 2019/12/11 12:0 a.m.2 views

Kinza Cross-Site Scripting Vulnerability

KINZA is a web browser. A cross-site scripting vulnerability exists in KINZA version 5.9.2 and earlier on Windows platforms and version 5.0.0 and earlier on Mac platforms. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...

6.1CVSS6.6AI score0.00781EPSS
Exploits0References1
CNVD
CNVD
added 2019/11/04 12:0 a.m.0 views

Zyxel NBG-418N v2 Modem Cross-Site Request Forgery Vulnerability

The Zyxel NBG-418N is a broadband router. The Zyxel NBG-418N v2 Modem suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to execute arbitrary script code in the context of an affected site to steal cookie-based authentication credentials or perform...

7.5AI score
Exploits0References1
Rows per page
Query Builder