93 matches found

Positive Technologies
• added 2025/09/08 12:0 a.m. • 5 views

PT-2025-37744

Name of the Vulnerable Software and Affected Versions: color-string version 2.1.1
Description: The npm publishing account for color-string was compromised following a phishing attack. Version 2.1.1 was published with a malicious payload designed to redirect cryptocurrency transactions within...

8.8 CVSS | 6.3 AI score | 0.00378 EPSS
Exploits: 0 | References: 15
RedhatCVE
• added 2025/06/23 8:38 a.m. • 2 views

CVE-2025-2443

An issue has been discovered in GitLab EE that allows for a cross-site scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

8.7 CVSS | 7 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
RedhatCVE
• added 2025/06/12 11:21 p.m. • 5 views

CVE-2025-46887

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS | 5.2 AI score | 0.003 EPSS
Exploits: 0 | References: 1
Cvelist
• added 2025/06/10 10:18 p.m. • 10 views

CVE-2025-47033 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS | 0.00305 EPSS
Exploits: 0 | References: 1
RedhatCVE
• added 2025/05/23 7:35 a.m. • 14 views

CVE-2024-13378

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘stylesettings’ parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

5.4 CVSS | 6 AI score | 0.00281 EPSS
Exploits: 0 | References: 1
RedhatCVE
• added 2025/05/23 5:2 a.m. • 10 views

CVE-2023-45740

Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

5.4 CVSS | 6 AI score | 0.00298 EPSS
Exploits: 0
RedhatCVE
• added 2025/05/15 9:14 p.m. • 8 views

CVE-2025-30314

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

6.1 CVSS | 5.3 AI score | 0.0029 EPSS
Exploits: 0 | References: 3
Cvelist
• added 2024/12/10 10:4 p.m. • 17 views

CVE-2024-52992 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4 CVSS | 0.00388 EPSS
Exploits: 0 | References: 1
The Hacker News
• added 2024/11/04 11:28 a.m. • 32 views

THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? 🕵️‍♀️ We're talking password-stealing bots, sneaky extensions that spy on you,...

9.8 CVSS | 8.7 AI score | 0.81973 EPSS
Exploits: 8
NVD
• added 2024/09/20 5:15 p.m. • 18 views

CVE-2024-45489

Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however because of misconfigured Firebase ACLs, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and...

9.8 CVSS | 0.01238 EPSS
Exploits: 0 | References: 3
CNNVD
• added 2024/09/19 12:0 a.m. • 5 views

NetCat CMS Security Vulnerability

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...

6.1 CVSS | 7 AI score | 0.00267 EPSS
Exploits: 0 | References: 2
OSV
• added 2023/12/15 11:15 a.m. • 4 views

CVE-2023-48492

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

5.4 CVSS | 5.7 AI score | 0.00562 EPSS
Exploits: 0 | References: 1
CNNVD
• added 2023/09/30 12:0 a.m. • 4 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce has a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4 CVSS | 5.9 AI score | 0.00431 EPSS
Exploits: 1 | References: 3
CNNVD
• added 2023/09/30 12:0 a.m. • 3 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce has a cross-site scripting (XSS) vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4 CVSS | 5.9 AI score | 0.00431 EPSS
Exploits: 1 | References: 3
The Hacker News
• added 2023/03/17 10:46 a.m. • 2 views

A New Security Category Addresses Web-borne Threats

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one. Ye...

6.5 AI score
Exploits: 0
The Hacker News
• added 2023/01/25 1:0 p.m. • 2 views

The Definitive Browser Security Checklist

Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it ...

6.8 AI score
Exploits: 0
The Hacker News
• added 2022/01/25 12:12 p.m. • 16 views

TrickBot Malware Using New Techniques to Evade Web Injection Attacks

The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...

0.3 AI score
Exploits: 0
CNNVD
• added 2021/08/02 12:0 a.m. • 5 views

Cybozu Garoon Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Scheduler in Cybozu Garoon, a portal-based OA office system from Cybozu Japan. An attacker can use this vulnerability to execute arbitrary scripts on a logged-in user's Web browser...

5.4 CVSS | 5.7 AI score | 0.00605 EPSS
Exploits: 0 | References: 4
RedHat Linux
• added 2021/06/09 2:13 p.m. • 5 views

gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services

A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tampering, and other exploits. The highest threat from this vulnerability is to data confidentiality and...

8.1 CVSS | 5.8 AI score | 0.01084 EPSS
Exploits: 0 | References: 8
NCSC
• added 2020/12/17 12:0 a.m. • 6 views

Vulnerability fixed in Dell iDRAC

Dell has fixed a vulnerability in iDRAC. A malicious person could exploit the vulnerability to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to the execution of arbitrary script code in the browser used to visit the application. iDRAC is a management environment. I...

6.1 CVSS | 6.6 AI score | 0.00991 EPSS
Exploits: 0