Lucene search
K

12 matches found

CNNVD
CNNVD
added 2026/02/03 12:0 a.m.7 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from reflective cross-site scripts, which could allow remote attackers to execute arbitrary...

6.1CVSS5.9AI score0.0018EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios Fusion 安全漏洞

Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions prior to 4.2.0, which stems from a failure to clear user input when adding or configuring Email Settings, and could lead to a stored...

6.2CVSS5.9AI score0.00915EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.5 views

CVE-2025-62058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

6.5CVSS6.5AI score0.0016EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/17 6:33 p.m.2 views

CVE-2025-34281 Stored Cross-Site Scripting (XSS) in ThingsBoard

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

6.2CVSS5.4AI score0.00345EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.7 views

PT-2025-14792

Name of the Vulnerable Software and Affected Versions API Platform Core versions prior to 4.0.22 Description The issue allows bypassing configured security on an operation using the Relay special node type in hypermedia-driven REST and GraphQL APIs. Recommendations For versions prior to 4.0.22,...

7.5CVSS6.6AI score0.00439EPSS
Exploits0References18
Cvelist
Cvelist
added 2025/03/06 1:9 p.m.12 views

CVE-2025-0877 XSS in AtaksAPP's Reservation Management System

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in AtaksAPP Reservation Management System allows Cross-Site Scripting XSS. This issue affects Reservation Management System: before 4.2.3...

4.7CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 9:15 p.m.5 views

CVE-2020-12507

In s::can moni::tools before version 4.2 an authenticated attacker could get full access to the database through SQL injection. This may result in loss of confidentiality, loss of integrity and DoS...

8.8CVSS5.8AI score0.00689EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.6 views

PT-2022-8327 · Unknown · S::Can Moni::Tools

Name of the Vulnerable Software and Affected Versions: s::can moni::tools versions prior to 4.2 Description: The issue allows an unauthenticated attacker to obtain any file from the device through path traversal in the camera-file module. Recommendations: For versions prior to 4.2, update to...

7.5CVSS7.5AI score0.00785EPSS
Exploits0References2
OSV
OSV
added 2020/02/12 2:15 a.m.3 views

DEBIAN-CVE-2014-6262

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted third argument to the rrdtool.graph function, aka ZEN-15415...

7.5CVSS8AI score0.07247EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/09 12:0 a.m.3 views

SAP BusinessObjects Business Intelligence Stored Cross-Site Scripting Vulnerability (CNVD-2019-34406)

SAP BusinessObjects Business Intelligence is a reporting and analytics business intelligence BI platform for enterprise users. A stored cross-site scripting vulnerability exists in SAP BusinessObjects Business Intelligence versions prior to 4.2. The vulnerability stems from the product's inabilit...

5.4CVSS6AI score0.00526EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/24 12:0 a.m.3 views

Pexip Infinity Remote Code Execution Vulnerability

Pexip Infinity is a virtual videoconferencing cloud collaboration platform from Pexip Norway. The platform works with standard protocol H.323, SIP based videoconferencing endpoints and videoconferencing infrastructures and is characterized by WAN bandwidth savings. A security vulnerability exists...

9.8CVSS7.3AI score0.03522EPSS
Exploits0References1
OSV
OSV
added 2017/04/21 2:59 p.m.2 views

CVE-2016-1194

Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service...

6.5CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder