Lucene search
K

2049 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/07/02 12:0 a.m.267 views

JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

8.8CVSS7.3AI score0.01078EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/06/15 5:36 a.m.4 views

Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...

6.1CVSS6.1AI score0.00781EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

Chrome Extension "5000 trillion yen converter" Cross-Site Scripting Vulnerability

Google Chrome is an iOS-based web browser developed by Google USA. A cross-site scripting vulnerability exists in Chrome Extension "5000 trillion yen converter", which can be exploited by an attacker to execute arbitrary scripts on a user's web browser...

6.1CVSS6.5AI score0.00781EPSS
Exploits0References1
Prion
Prion
added 2018/06/07 9:29 p.m.17 views

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

4.3CVSS6AI score0.01783EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/05/29 12:0 a.m.1 views

Unspecified Cross-Site Scripting Vulnerability in SAP SAPUI5

SAP SAPUI5 is a UI technology that provides everything you need to build enterprise-class Web applications. SAP SAPUI5 suffers from an unspecified cross-site scripting vulnerability that stems from the program not properly validating user-supplied input. A remote attacker could use this...

6.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/28 5:11 a.m.4 views

WordPress plugin "Site Reviews" vulnerable to cross-site scripting

Overview The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Keita Uchida of TDU Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.1CVSS5.8AI score0.01309EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/28 12:0 a.m.37 views

JVN#16471686: WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provid...

6.1CVSS6AI score0.01224EPSS
Exploits0
CNVD
CNVD
added 2018/05/23 12:0 a.m.5 views

Multiple Cross-Site Scripting Vulnerabilities in Joomla! Core

Joomla! is an open source content management system CMS. The system provides RSS feeds , site search and other features . Joomla! Core is a Joomla! core. Multiple cross-site scripting vulnerabilities exist in Joomla! Core versions prior to 3.8.8, which stem from the program failing to properly...

4.8CVSS7.3AI score0.0105EPSS
Exploits0References1
exploitpack
exploitpack
added 2018/05/22 12:0 a.m.15 views

WebSocket Live Chat - Cross-Site Scripting

WebSocket Live Chat - Cross-Site Scripting Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2018/05/15 12:0 a.m.25 views

WordPress Ultimate Member Plugin < 2.0.4 Multiple Vulnerabilities

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

7.5CVSS5AI score0.02598EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/05/10 3:0 a.m.15 views

CVE-2018-9111

Cross Site Scripting XSS exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser...

5.5AI score0.00531EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/05/09 6:37 a.m.3 views

RT-AC1200HP vulnerable to cross-site scripting

Overview RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

6.1CVSS6AI score0.00899EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/04/27 12:0 a.m.73 views

JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

5.4CVSS5.3AI score0.00766EPSS
Exploits0
CNVD
CNVD
added 2018/04/04 12:0 a.m.3 views

Cacti cross-site scripting vulnerability (CNVD-2018-08317)

Cacti is based on PHP, MySQL, SNMP and RRDTool developed a set of graphical analysis of network traffic monitoring tools . Cacti suffers from a cross-site scripting vulnerability, which is caused by failing to properly filter HTML code from user-supplied input before displaying it, and can be...

5.4CVSS6.6AI score0.01051EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/03/30 4:39 a.m.1 views

Safari vulnerable to script injection

Overview Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is...

6.1CVSS6.7AI score0.01161EPSS
Exploits0References5
CNVD
CNVD
added 2018/02/26 12:0 a.m.1 views

Multiple Cross-Site Scripting Vulnerabilities in SAP BI Launchpad

SAP BI Launchpad is the gateway to BO4.0, BO4.0 SAP BusinessObjects a German company SAP SAP provides a wide range of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. Multiple cross-site...

6.8AI score
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2018/02/20 12:0 a.m.59 views

JVN#83834277: Multiple vulnerabilities in FS010W

FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

8.8CVSS7AI score0.00682EPSS
Exploits0
Prion
Prion
added 2018/01/18 6:29 a.m.12 views

Cross site scripting

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input...

4.3CVSS6AI score0.00871EPSS
Exploits0References2Affected Software85
CNVD
CNVD
added 2017/12/21 12:0 a.m.2 views

TYPO3 Recommend Page Extension Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 Recommend Page extension due to the program failing to properly filter user-supplied input. An attacker could use the...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2017/11/21 12:0 a.m.2 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34811)

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...

6.1CVSS6.6AI score0.00868EPSS
Exploits0References1
Rows per page
Query Builder