
4774 matches found

Cvelist
added 2020/03/05 6:45 p.m., 32 views

CVE-2020-4082

The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...

5.6 AI score, 0.0066 EPSS
Exploits: 1, References: 1
Symantec
added 2020/01/14 12:00 a.m., 44 views

SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability

Description SAP NetWeaver Process Integration is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

1.2 AI score, 0.00654 EPSS
Exploits: 0, References: 2, Affected Software: 1
Symantec
added 2020/01/11 12:00 a.m., 42 views

oVirt Engine CVE-2019-19336 Cross Site Scripting Vulnerability

Description oVirt Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the...

6.8 AI score, 0.00941 EPSS
Exploits: 0, References: 1, Affected Software: 1
Symantec
added 2020/01/08 12:00 a.m., 27 views

Cisco Crosswork Change Automation CVE-2019-16024 Cross Site Scripting Vulnerability

Description Cisco Crosswork Change Automation is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

0.2 AI score, 0.00801 EPSS
Exploits: 0, References: 1, Affected Software: 1
Symantec
added 2020/01/06 12:00 a.m., 34 views

Fortinet FortiAuthenticator CVE-2019-16154 Cross Site Scripting Vulnerability

Description Fortinet FortiAuthenticator is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

1 AI score, 0.00698 EPSS
Exploits: 0, References: 1, Affected Software: 1
Symantec
added 2019/12/17 12:00 a.m., 30 views

Multiple Jenkins Plugins Multiple Security Vulnerabilities

Description Jenkins plugins are prone to the following vulnerabilities: 1. Multiple information-disclosure vulnerabilities. 2. Multiple cross-site request forgery vulnerabilities. 3. Multiple HTML-injection vulnerabilities. 4. An XML External Entity injection vulnerability. An attacker may...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 17
Symantec
added 2019/12/13 12:00 a.m., 123 views

WordPress Prior to 5.3.1 Multiple Security Vulnerabilities

Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to bypass certain security restrictions and perform unauthorized actions or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

7.5 AI score
Exploits: 0, References: 1, Affected Software: 1
Symantec
added 2019/12/10 12:00 a.m., 36 views

Microsoft Skype for Business Server CVE-2019-1490 Spoofing Vulnerability

Description Microsoft Skype for Business Server is prone to a spoofing vulnerability. An attacker can exploit this issue to conduct spoofing attacks, execute arbitrary script code in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials an...

0.3 AI score, 0.01432 EPSS
Exploits: 0, Affected Software: 1
Symantec
added 2019/12/02 12:00 a.m., 35 views

IBM Cloud Pak System CVE-2019-4098 Cross Site Scripting Vulnerability

Description IBM Cloud Pak System is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication...

0.9 AI score, 0.00561 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2019/11/26 12:15 a.m., 26 views

CVE-2019-11290

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well...

8.8 CVSS, 7.8 AI score, 0.01277 EPSS
Exploits: 0, References: 1
Cvelist
added 2019/11/25 11:56 p.m., 28 views

CVE-2019-11290 Cloud Foundry UAA logs query parameters in tomcat access file

Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to Tomcat’s access file. If the query parameters are used to provide authentication, i.e. credentials, then they will be logged as well...

8.8 CVSS, 7.5 AI score, 0.01277 EPSS
Exploits: 0, References: 1
Symantec
added 2019/11/20 12:00 a.m., 23 views

Cisco Unified Communications Domain Manager CVE-2019-15968 HTML Injection Vulnerability

Description Cisco Unified Communications Domain Manager is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing...

5.6 AI score, 0.00633 EPSS
Exploits: 0, References: 1
Symantec
added 2019/10/28 12:00 a.m., 13 views

WebKit Cross Site Scripting and Multiple Memory Corruption Vulnerabilities

Description WebKit is prone to a cross-site scripting vulnerability and multiple memory-corruption vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site or execute arbitrary code in the...

1 AI score
Exploits: 0, References: 1, Affected Software: 5
ThreatPost
added 2019/10/08 12:44 p.m., 300 views

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn

State-sponsored advanced persistent threat (APT) groups are using flaws in outdated VPN technologies from Palo Alto Networks, Fortinet and Pulse Secure to carry out cyber attacks on targets in the United States and overseas, warned U.S. and U.K. officials. The National Security Agency (NSA) issued a...

7.5 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits: 57, References: 13
Symantec
added 2019/10/02 12:00 a.m., 62 views

Eclipse Mojarra CVE-2019-17091 Cross Site Scripting Vulnerability

Description Eclipse Mojarra is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may all...

0.2 AI score, 0.02469 EPSS
Exploits: 1, References: 3, Affected Software: 3
Symantec
added 2019/09/10 12:00 a.m., 31 views

Microsoft Team Foundation Server CVE-2019-1305 Cross Site Scripting Vulnerability

Description Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

6.4 AI score, 0.01432 EPSS
Exploits: 0, Affected Software: 2
Symantec
added 2019/09/10 12:00 a.m., 56 views

Microsoft Office SharePoint CVE-2019-1262 Cross Site Scripting Vulnerability

Description Microsoft Office SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...

6.3 AI score, 0.02794 EPSS
Exploits: 5, Affected Software: 1
Packet Storm
added 2019/09/05 12:00 a.m., 216 views

WordPress API Bearer Auth 20181229 Cross Site Scripting

Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Api bearer auth 20181229. Api bearer auth is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary scri...

0.1 AI score
Exploits: 0
0day.today
added 2019/09/05 12:00 a.m., 38 views

WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications. WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting Vulnerability. Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected...

7.4 AI score
Exploits: 0
Packet Storm
added 2019/09/03 12:00 a.m., 232 views

WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting

Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Portrait-Archiv.com Photostore 5.0.4. Portrait-Archiv.com is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execut...

7 AI score
Exploits: 0