
2049 matches found

Prion
added 2019/10/31 9:15 p.m. | 22 views

Cross site request forgery (csrf)

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the way the safe browsing function parses HTTP requests. The server hostname is extracted from captured HTTP/HTTPS requests and inserted as part of a Lua statement without...

CVSS 10 | AI score 9.3 | EPSS 0.02669
Exploits 1 | References 1 | Affected Software 1

Prion
added 2019/10/16 7:15 p.m. | 20 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...

CVSS 4.3 | AI score 6 | EPSS 0.00801
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2019/10/16 6:36 p.m. | 30 views

CVE-2019-15281 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The attacker must have...

CVSS 4.8 | AI score 4.8 | EPSS 0.00622
Exploits 0 | References 1

Symantec
added 2019/10/15 12:0 a.m. | 78 views

Adobe Experience Manager APSB19-48 Multiple Security Vulnerabilities

Description: Adobe Experience Manager is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to gain access to sensitive...

AI score 0.5
Exploits 0 | Affected Software 1

NVD
added 2019/10/05 11:15 p.m. | 51 views

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

CVSS 9.8 | AI score 9.7 | EPSS 0.03158
Exploits 0 | References 3

Cvelist
added 2019/10/05 10:1 p.m. | 47 views

CVE-2019-17206

Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...

AI score 9.7 | EPSS 0.03158
Exploits 0 | References 3

Tenable Nessus
added 2019/10/03 12:0 a.m. | 304 views

LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Multiple Vulnerabilities (Windows)

The version of LibreOffice installed on the remote Windows host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by the following vulnerabilities: - A directory traversal vulnerability resulting from a feature in LibreOffice which allows documents to specify pre-installed...

CVSS 9.8 | AI score 8.7 | EPSS 0.02646
Exploits 0 | References 4

OSV
added 2019/09/25 4:18 a.m. | 6 views

OPENSUSE-SU-2019:2183-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed...

CVSS 9.8 | AI score 7.4 | EPSS 0.78007
Exploits 5 | References 16

CNVD
added 2019/09/12 12:0 a.m. | 1 view

WordPress Checklist Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress Checklist, which can be exploited ...

AI score 6.4
Exploits 0 | References 1

CNVD
added 2019/09/11 12:0 a.m. | 2 views

WordPress Qwiz Online Quizzes And Flashcards Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site scripting vulnerability exists in WordPress Qwiz Online Quizzes And Flashcards...

AI score 6.4
Exploits 0 | References 1

OpenVAS
added 2019/09/03 12:0 a.m. | 51 views

openSUSE: Security Advisory for libreoffice (openSUSE-SU-2019:2057-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 | AI score 8.1 | EPSS 0.78007
Exploits 5 | References 2

OSV
added 2019/08/28 5:59 a.m. | 7 views

SUSE-SU-2019:2231-1 Security update for libreoffice

This update for libreoffice fixes the following issues: Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' bsc1141861. - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo bsc1141862. - CVE-2019-9851: Fixed LibreLogo global-event scrip...

CVSS 9.8 | AI score 7.3 | EPSS 0.78007
Exploits 5 | References 12

Tenable Nessus
added 2019/08/26 12:0 a.m. | 49 views

Fedora 29 : 1:libreoffice (2019-2fe22a3a2c)

CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution - CVE-2019-9851 LibreLogo global-event script execution - CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check ---- - CVE-2019-9848 LibreLogo arbitrary script execution - CVE-2019-9849 remote...

CVSS 9.8 | AI score 7.6 | EPSS 0.78007
Exploits 5 | References 6

Tenable Nessus
added 2019/08/05 12:0 a.m. | 46 views

LibreOffice < 6.2.5 Multiple Vulnerabilities (macOS)

The version of LibreOffice installed on the remote macOS host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must be...

CVSS 9.8 | AI score 7.8 | EPSS 0.30698
Exploits 5 | References 4

Tenable Nessus
added 2019/08/05 12:0 a.m. | 295 views

LibreOffice < 6.2.5 Multiple Vulnerabilities (Windows)

The version of LibreOffice installed on the remote Windows host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must b...

CVSS 9.8 | AI score 7.8 | EPSS 0.30698
Exploits 5 | References 4

CNVD
added 2019/06/20 12:0 a.m. | 4 views

Cisco Prime Service Catalog Input Validation Error Vulnerability

Cisco Prime Service Catalog (PSC) is a service catalog solution from Cisco that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for compute, network, storage, and other data center resources. An input validation error...

CVSS 4.8 | AI score 7.8 | EPSS 0.00878
Exploits 0 | References 1

Symantec
added 2019/05/14 12:0 a.m. | 54 views

Microsoft SharePoint Server CVE-2019-0963 Cross Site Scripting Vulnerability

Description: Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

AI score 6.1 | EPSS 0.01585
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2019/02/22 12:0 a.m. | 3 views

CloudBees Jenkins Script Security Plugin Sandbox Bypass Vulnerability

CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A sandbox bypass vulnerabilit...

CVSS 8.8 | AI score 7.9 | EPSS 0.0299
Exploits 0 | References 1

CVE
added 2019/01/09 10:0 p.m. | 50 views

CVE-2018-0665

CVE-2018-0665 affects Yamaha routers RT57i (≤8.00.95), RT58i (≤9.01.51), NVR500 (≤11.00.36), and RTX810 (≤11.01.31). The vulnerability allows an administrative user to embed arbitrary scripts into a configuration form field, which may be executed in another administrative user’s web browser. This...

CVSS 6.8 | AI score 6.6 | EPSS 0.00652
Exploits 0 | References 4 | Affected Software 1

OSV
added 2018/12/20 5:29 p.m. | 12 views

CVE-2018-1000856

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...

CVSS 4.8 | AI score 5.8
Exploits 0 | References 1