Lucene search
+L

145 matches found

Redos
Redos
added 2022/12/22 12:0 a.m.45 views

ROS-20221222-03

A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. data in the LTI vendor's library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and tri...

9.1CVSS6.9AI score0.01352EPSS
Exploits0
Redos
Redos
added 2022/10/13 12:0 a.m.56 views

ROS-20221013-02

The vulnerability in the Moodle course management system is related to the fact that the H5P attempted action report does not group permissions are not taken into account when displaying to non-editing teachers information about attempts/users in groups to which they should not have access. about...

9.8CVSS7.1AI score0.49102EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2022/07/29 12:0 a.m.10 views

The vulnerability of the go-getter library, related to the lack of measures to cleanse input data, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the go-getter library is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS7AI score0.01525EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/07/07 12:0 a.m.6 views

Apache Druid 跨站脚本漏洞

Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker...

6.1CVSS5.8AI score0.02088EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.6 views

Fortinet FortiEDR 跨站脚本漏洞

Fortinet FortiEDR is a built-from-scratch endpoint security solution from US-based Fortinet. Fortinet FortiEDR suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker could exploit the vulnerability to trick a victim into...

5.4CVSS5.9AI score0.00547EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.3 views

Fortinet FortiOS 跨站脚本漏洞

Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering, anti-spam, and other security features. A cross-site scripting vulnerabilit...

6.1CVSS6.4AI score0.0064EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/04 12:0 a.m.9 views

LiteCart 跨站脚本漏洞

LiteCart is a suite of e-commerce platforms by the individual developer T. Almroth. LiteCart suffers from a cross-site scripting vulnerability that stems from an attempt to fully cleanse user-supplied data. A remote attacker could use this vulnerability to trick a victim into following a speciall...

6.1CVSS6.4AI score0.01049EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/05/13 12:0 a.m.11 views

The vulnerability of the CMS system Pixelimity lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary code.

The vulnerability of the CMS system Pixelimity is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through admin/admin-ajax.php?action=installtheme remotely...

9CVSS7.5AI score0.24028EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2022/04/23 12:3 a.m.4 views

GHSA-3PQG-4RQG-PG9G Cross-site Scripting in OWASP AntiSamy

OWASP AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS conten...

6.1CVSS6.3AI score0.00995EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/03/21 12:0 a.m.9 views

The vulnerability of the Kylin data processing platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to execute arbitrary commands.

The vulnerability of the Kylin data processing platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

10CVSS8.1AI score0.88614EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.11 views

The vulnerability of the implementation of the SetWLanACLSettings() function in D-Link DIR-823-Pro wireless router software allows a hacker to execute arbitrary commands.

The vulnerability of the implementation of the SetWLanACLSettings function in D-Link DIR-823-Pro wireless router microprogramming software is related to insufficient cleaning of input data during the processing of the parameter wl0.0maclist. Exploiting this vulnerability allows a remote attacker ...

10CVSS8.1AI score0.03818EPSS
Exploits0References4Affected Software1
Redos
Redos
added 2022/02/01 12:0 a.m.33 views

ROS-20220125-14

Lxml library vulnerability is related to insufficient cleansing of user data in the cleanup program HTML in the lxml.html file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and scri...

8.2CVSS7.6AI score0.02456EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.6 views

The vulnerability of the Singularity container platform, related to the failure to cleanse input data, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Singularity container platform relates to the failure to cleanse input data. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

6.8CVSS6.9AI score0.01415EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.7 views

The vulnerability of the highly efficient pglogical logical replication system, related to the failure to cleanse input data, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the highly efficient pglogical logical replication system is related to the failure to perform data cleansing on input data. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and even cause service failures...

7.2CVSS6.6AI score0.0046EPSS
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.6 views

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management allows a hacker to access confidential data, compromise its integrity, and cause service failures. This vulnerability arises from the failure to properly cleanse input data.

The vulnerability of the SECURITY DEFINER function in software for performing operations on hard disk partition management systems is related to the lack of measures taken to protect input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise it...

9.8CVSS7.7AI score0.022EPSS
Exploits0References5Affected Software2
Redos
Redos
added 2021/09/08 12:0 a.m.12 views

ROS-2-828

2.828 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.8CVSS8.3AI score0.01236EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.19 views

ROS-2-498

2.498 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.8CVSS8.2AI score0.01236EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.13 views

ROS-2-982

2.982 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

9.8CVSS8.4AI score0.1885EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.5 views

ROS-2-2197

2.2197 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

7.8CVSS8.3AI score0.99295EPSS
Exploits81
Redos
Redos
added 2021/09/08 12:0 a.m.25 views

ROS-2-581

2.581 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...

6.9AI score0.01157EPSS
Exploits0
Rows per page
Query Builder