Lucene search
K

2465 matches found

Cvelist
Cvelist
added 2021/05/28 7:58 p.m.18 views

CVE-2020-26641

A Cross Site Request Forgery CSRF vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts...

8.9AI score0.00518EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/22 12:0 a.m.4 views

WordPress Larsens Calender plugin cross-site scripting vulnerability

WordPress Larsens Calender is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Larsens Calender plugin version 1.2 and earlier versions, which can be exploited by remote attackers to execute arbitrary web scripts via the "Eintrage hinzufuge...

5.4CVSS6.7AI score0.00798EPSS
Exploits2References1
Veracode
Veracode
added 2020/07/13 3:23 a.m.9 views

Cross-site Scripting (XSS)

markdown-it-katex is vulnerable to cross-site scripting. The vulnerability exists in index.js once the parser return an error it returns katex without sanitizing as HTML tags, allowing a malicious user to inject and execute arbitrary web scripts...

2.6AI score
Exploits0
Veracode
Veracode
added 2020/06/03 2:53 a.m.9 views

Cross-site Scripting (XSS)

paypal/merchant-sdk-php is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists due to insufficient filtration of user-supplied data in token HTTP GET parameter in samples/AccountAuthentication/GetAuthDetails.html.php, allowing a malicious user to inject and execute arbitrary w...

1.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.24 views

NewStart CGSL MAIN 5.04 : mailman Vulnerability (NS-SA-2019-0008)

The remote NewStart CGSL host, running version MAIN 5.04, has mailman packages installed that are affected by a vulnerability: - A cross-site scripting XSS flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's...

6.1CVSS7.1AI score0.04569EPSS
Exploits3References2
Cvelist
Cvelist
added 2019/06/20 3:46 p.m.24 views

CVE-2018-16248

b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...

6AI score0.00996EPSS
Exploits1References1
Prion
Prion
added 2019/02/23 11:29 a.m.14 views

Cross site scripting

A reflected Cross-Site scripting XSS vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form...

4.3CVSS6AI score0.01046EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/04/13 12:0 a.m.5 views

Joomla! Component jDownloads Cross-Site Scripting Vulnerability

Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other functions . jDownloads is Joomla! A cross-site scripting vulnerability exists in Joomla! Component jDownloads. Allows remote attackers to...

6.1CVSS6.3AI score0.04073EPSS
Exploits4References1
NVD
NVD
added 2017/12/20 6:29 p.m.19 views

CVE-2017-12072

Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...

5.4CVSS5.2AI score0.01009EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/12/20 6:0 p.m.24 views

CVE-2017-12072

Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...

5.1AI score0.01009EPSS
Exploits0References1
OSV
OSV
added 2017/05/22 4:29 p.m.3 views

CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior ...

6.1CVSS6AI score0.00886EPSS
Exploits0References2
CNVD
CNVD
added 2017/04/05 12:0 a.m.20 views

Nagios Cross-Site Scripting Vulnerability

Nagios is a free and open source computer software application for monitoring systems, networks and infrastructure. Nagios suffers from a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS8.9AI score0.01788EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/01 12:0 a.m.5 views

Tenable Log Correlation Engine Cross-Site Scripting Vulnerability

Tenable Log Correlation Engine a.k.a. LCE is a log correlation engine that provides log analysis and event monitoring from Tenable Network Security. A cross-site scripting vulnerability exists in versions of Tenable LCE prior to 4.8.1. A remote attacker can exploit this vulnerability to execute...

5.4CVSS6.4AI score0.00696EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/26 12:0 a.m.5 views

Multiple Buffalo Products Cross-Site Scripting Vulnerabilities

Buffalo is the wireless router product of the Buffalo Group. A cross-site scripting vulnerability exists in multiple Buffalo products. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00765EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2014/06/04 12:0 a.m.48 views

Google Chrome Multiple Vulnerabilities - 01 (Jun 2014) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

7.5CVSS9.5AI score0.01954EPSS
Exploits1References4
Prion
Prion
added 2013/09/06 11:15 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

4.3CVSS5.9AI score0.01012EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2012/01/26 3:55 p.m.24 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to 1 libraries/tbllinks.inc.php and...

4.3CVSS5.9AI score0.01268EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2010/08/02 12:0 a.m.21 views

SimpNews Multiple Vulnerabilities

This host is running SimpNews and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbsimpnewsmultvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ SimpNews Multiple Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net...

5CVSS0.1AI score0.0172EPSS
Exploits2References4
Prion
Prion
added 2010/05/07 6:30 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from...

4.3CVSS6AI score0.01033EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2009/02/16 5:30 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WEC Discussion Forum wecdiscussion extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029...

4.3CVSS6AI score0.01033EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder