Lucene search
K

62 matches found

Vulnrichment
Vulnrichment
added 2023/05/30 12:0 a.m.10 views

CVE-2023-23956

A user can supply malicious HTML and JavaScript code that will be executed in the client browser...

6.7AI score0.03083EPSS
Exploits3References2
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.33 views

Broadcom Symantec SiteMinder 跨站脚本漏洞

Broadcom Symantec SiteMinder is an identity provider and federation system from Broadcom, Inc. It provides access to web applications and portals. A security vulnerability exists in Broadcom Symantec SiteMinder version 12.52. An attacker could exploit this vulnerability to execute malicious HTML...

6.1CVSS5.9AI score0.03083EPSS
Exploits3References4
F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.301 views

K24383845: Bootstrap vulnerability CVE-2019-8331

Security Advisory Description In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331 Impact An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick a user into running maliciou...

6.1CVSS6.4AI score0.1686EPSS
Exploits1Affected Software13
NVD
NVD
added 2023/01/26 9:18 p.m.15 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

8.1CVSS5.5AI score0.00564EPSS
Exploits0References1
CVE
CVE
added 2023/01/24 12:0 a.m.62 views

CVE-2023-23949

CVE-2023-23949 is described across multiple sources as a client-side cross-site scripting vulnerability triggered by an authenticated user supplying malicious HTML/JavaScript, leading to code execution in the victim’s browser. Connected document detail confirms the affected product is Symantec Id...

8.1CVSS5.5AI score0.00564EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2023/01/24 12:0 a.m.6 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

7AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/24 12:0 a.m.21 views

CVE-2023-23949

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser...

5.8AI score0.00564EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/12/14 12:30 p.m.19 views

Why PCI DSS 4.0 Should Be on Your Radar in 2023

Protecting customer data is critical for any business accepting online payment information. The Payment Card Industry Data Security Standard PCI DSS, created by leading credit card companies, establishes best practices for protecting consumers' information. By adhering to these standards,...

7.3AI score
Exploits0
OSV
OSV
added 2022/12/10 12:30 a.m.31 views

GHSA-X87M-36G7-6MPW Yii2 Gii Cross-site Scripting vulnerability

Some fields like Message Category requires I18N enabled in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc. are being cached without sanitisation of their contents when the Preview button is pressed. This leads to possibility of injecting malicious...

5.4CVSS5.3AI score0.00607EPSS
Exploits1References4
CVE
CVE
added 2022/04/26 8:5 p.m.72 views

CVE-2022-28450

CVE-2022-28450 affects nopCommerce 4.50.1. It is a Cross-Site Scripting vulnerability in the forum “Text” parameter when creating a new post, caused by insufficient data validation/filtering of user-supplied data. This permits execution of arbitrary JavaScript in the victim’s browser. The provide...

5.4CVSS5.5AI score0.00681EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/04/26 8:5 p.m.16 views

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting XSS via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

5.4CVSS6.4AI score0.00681EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2022/04/12 4:28 p.m.16 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

8.2AI score0.0379EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.5 views

多款HP产品跨站脚本漏洞

The HP Color LaserJet Pro M280-M281 and others are products of Hewlett-Packard HP in the U.S.A. The HP Color LaserJet Pro M280-M281 is a printer.The HP Color LaserJet CM4540 MFP CC419A is a multifunction printer.The Hp Color LaserJet Cm4540 Mfp and others are products of Hewlett-Packard Hp USA.Hp...

6.1CVSS6AI score0.00648EPSS
Exploits0References3
OSV
OSV
added 2021/06/07 10:15 p.m.21 views

CVE-2021-32671

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 our last beta before v1.0.0 and was not noticed or documented. This allowed for any user to type...

10CVSS9.4AI score0.39738EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2021/06/01 9:20 p.m.4 views

@aws-crypto/example-browser (>=0.1.0-preview.1 <=0.1.0-preview.5), @aws-crypto/integration-browser (>=0.2.0-preview.1 <=0.2.0-preview.5) potentially affected by unknown CVE via @aws-crypto/client-browser (=0.1.0-preview.5)

@aws-crypto/client-browser NPM version =0.1.0-preview.5 is affected by a known vulnerability. The following packages have a transitive dependency on @aws-crypto/client-browser and may be impacted: - @aws-crypto/example-browser =0.1.0-preview.1, =0.2.0-preview.1, =0.2.0-preview.5 Source cves:...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/04/16 7:52 p.m.46 views

JavaScript execution via malicious molfiles (XSS)

Impact The viewer plugin implementation of renders molfile data directly inside a tag without any escaping. Arbitrary JavaScript code can thus be executed in the client browser via crafted molfiles. Patches Patched in v0.3.0: Molfile data is now rendered as value of a hidden tag and escaped via...

6.1CVSS2.5AI score0.00566EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2020/11/12 10:41 p.m.12 views

U.S. Dept Of Defense: Reflected Xss in [██████]

Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...

0.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.146 views

F5 Networks BIG-IP : Bootstrap vulnerability (K24383845)

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. CVE-2019-8331 Impact An attacker can inject a malicious script into a client browser. Additionally, an attacker can trick auser into running malicious code. C Tenable, Inc. The...

6.1CVSS6.7AI score0.1686EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2019/03/21 12:0 a.m.6 views

PT-2019-7202 · Schneider Electric · Modicon Bmxnoe0110 +6

Name of the Vulnerable Software and Affected Versions: Schneider Electric Modicon BMXNOC0401 Schneider Electric Modicon BMXNOE0100 Schneider Electric Modicon BMXNOE0110 Schneider Electric Modicon BMXNOE0110H Schneider Electric Modicon BMXNOR0200H Schneider Electric Modicon BMXP342020 Schneider...

5.4CVSS6.4AI score0.0056EPSS
Exploits0References2
CNVD
CNVD
added 2018/01/25 12:0 a.m.5 views

Routers2 Cross-Site Scripting Vulnerability

Routers2 is a front-end routing tool. A cross-site scripting vulnerability exists in Routers2 version 2.24. A remote attacker can exploit this vulnerability to inject malicious script into a client browser...

4.7CVSS6.3AI score0.02121EPSS
Exploits5References1
Rows per page
Query Builder