Lucene search
K

174 matches found

Cvelist
Cvelist
added 2015/06/15 2:0 p.m.21 views

CVE-2015-4378

Cross-site scripting XSS vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator...

5.3AI score0.00949EPSS
Exploits0References3
Atlassian
Atlassian
added 2015/03/15 10:56 p.m.17 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/03/15 10:56 p.m.33 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/03/15 10:56 p.m.26 views

Restricted blog post visible in the month summary page

Steps to reproduce: 1. create a new blog post, and restrict it to yourself 2. log in as another user and go to Blogs in sidebar 3. blog is not visible in the blogs summary page 4. click a visible blog in the same month 5. click the month link in the breadcrumb 5. restricted blog title and excerpt...

0.9AI score
Exploits0
OSV
OSV
added 2014/11/28 3:59 p.m.11 views

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

5.4AI score
Exploits0References3
OSV
OSV
added 2014/11/28 3:59 p.m.1 views

DEBIAN-CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS6AI score0.01864EPSS
Exploits0References1
NVD
NVD
added 2014/11/28 3:59 p.m.20 views

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS7.1AI score0.01864EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2014/11/28 3:59 p.m.26 views

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS6.9AI score0.01864EPSS
Exploits0References2
Prion
Prion
added 2014/11/28 3:59 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS6.1AI score0.01864EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2014/11/28 3:59 p.m.3 views

UBUNTU-CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS6.9AI score0.01864EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/11/28 3:0 p.m.29 views

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

5.5AI score0.01864EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2014/11/28 3:0 p.m.40 views

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

4.3CVSS5.9AI score0.01864EPSS
Exploits0
NVD
NVD
added 2014/06/20 2:55 p.m.16 views

CVE-2014-4505

Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01161EPSS
Exploits0References4
Prion
Prion
added 2014/06/20 2:55 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.01161EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/06/20 2:0 p.m.22 views

CVE-2014-4505

Cross-site scripting XSS vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01161EPSS
Exploits0References4
CVE
CVE
added 2014/06/20 2:0 p.m.37 views

CVE-2014-4505

The CVE-2014-4505 entry applies to the Drupal contributed module Easy Breadcrumb (7.x-2.x) prior to 7.x-2.10. Root cause: the module does not properly sanitize user-supplied values, enabling cross-site scripting (XSS). Impact: remote attackers could inject arbitrary script/HTML via unspecified ve...

4.3CVSS5.9AI score0.01161EPSS
Exploits0References4Affected Software1
Drupal
Drupal
added 2014/06/18 12:0 a.m.16 views

SA-CONTRIB-2014-063 - Easy Breadcrumb - Cross Site Scripting (XSS)

The Easy Breadcrumb module generates breadcrumbs from path aliases. This module does not properly sanitize user-supplied values creating a Cross Site Scripting XSS vulnerability. CVE identifiers issued CVE-2014-4505 Versions affected Easy breadcrumbs 7.x-2.x versions prior to 7.x-2.10. Drupal cor...

4.3CVSS5.7AI score0.01161EPSS
Exploits0References12
NVD
NVD
added 2012/06/27 12:55 a.m.19 views

CVE-2012-2705

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

2.1CVSS5.5AI score0.01607EPSS
Exploits0References8
Prion
Prion
added 2012/06/27 12:55 a.m.11 views

Cross site scripting

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

2.1CVSS5.7AI score0.01607EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2012/06/27 12:0 a.m.21 views

CVE-2012-2705

The filtertitles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting XSS attacks via the title parameter...

5.5AI score0.01607EPSS
Exploits0References8
Rows per page
Query Builder