Lucene search
+L

32 matches found

CNNVD
CNNVD
added 2023/05/30 12:0 a.m.6 views

Zulip 跨站脚本漏洞

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. A security vulnerability exists in Zulip version 7.0-beta1, 7.0-beta2, which stems from a problem with the tooltip of the...

8.2CVSS5.8AI score0.00617EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.6 views

PT-2023-24203 · Unknown · Zulip Server

Name of the Vulnerable Software and Affected Versions: Zulip Server versions 7.0-beta1 through 7.0-beta2 and the main development branch from May 2, 2023 and later Description: The issue is related to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send...

8.2CVSS6AI score0.00617EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.5 views

PT-2023-23002 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: H2O versions 2.3.0-beta2 and prior Description: H2O is an HTTP server. When the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This...

8.2CVSS7.9AI score0.00902EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.9 views

PT-2023-20443 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0.beta2 through 3.1.0.beta3 Description: Discourse is an open-source discussion platform. Editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. Recommendations...

6.5CVSS6AI score0.0035EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.9 views

PT-2022-16875 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch Discourse versions 2.9.0.beta3 and prior in the beta branch Discourse versions 2.9.0.beta3 and prior in the tests-passed branch Description: Discourse is an open source discussion...

4.3CVSS4.5AI score0.00927EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/03/01 12:0 a.m.6 views

PT-2022-17044 · Stepmania · Stepmania

Name of the Vulnerable Software and Affected Versions: Stepmania versions 5.1b2 and below Description: The issue allows attackers to access the entire file system through the /rootfs component in RageFile. Recommendations: For Stepmania versions 5.1b2 and below, consider restricting access to the...

9.1CVSS9.1AI score0.00985EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/04/01 12:0 a.m.8 views

PT-2021-7304 · Eclipse +2 · Eclipse Jetty +2

Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.32 through 9.4.38 Eclipse Jetty versions 10.0.0.beta2 through 10.0.1 Eclipse Jetty versions 11.0.0.beta2 through 11.0.1 Description: The issue is related to the webapps directory in Eclipse Jetty being a symlink,...

7.8CVSS6AI score0.82371EPSS
Exploits11References102
CNVD
CNVD
added 2019/03/27 12:0 a.m.4 views

Bash Input Validation Error Vulnerability

Bash is a shell command language interpreter written for the GNU Project and running on Unix-like operating systems by American software developer Brian J. Fox. It can read and execute commands from standard input devices or files. A security vulnerability exists in versions prior to Bash...

7.8CVSS9.3AI score0.00415EPSS
Exploits0References1
OSV
OSV
added 2018/01/16 7:29 p.m.4 views

CVE-2017-8802

Cross-site scripting XSS vulnerability in Zimbra Collaboration Suite aka ZCS before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality...

5.4CVSS5.9AI score0.01264EPSS
Exploits2References4
CNVD
CNVD
added 2018/01/15 12:0 a.m.5 views

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in versions of ZCS prior to 8.8.0 Beta2. A remote attacker can exploit this vulnerability to inject...

5.4CVSS6.2AI score0.01264EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2011/09/12 12:40 p.m.3 views

CVE-2009-5090

SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors...

6.8CVSS6.5AI score0.02015EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2006/04/11 12:0 a.m.7 views

VulnCheck KEV: CVE-2006-1359

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer...

9.3CVSS6.2AI score0.68068EPSS
Exploits11References1
Rows per page
Query Builder