Lucene search
+L

265 matches found

OSV
OSV
added 2024/02/05 8:22 p.m.58 views

GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename

Summary Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leading to allow execute JavaScript code in client side XSS Details On that snippet code of rendering the file attachments from user tables id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...

6.5CVSS6.4AI score0.0088EPSS
Exploits1References6
Prion
Prion
added 2023/12/21 10:15 a.m.19 views

Cross site scripting

Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...

4.9CVSS6AI score0.01344EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/12/21 10:15 a.m.11 views

PYSEC-2023-264

Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the...

5.4CVSS5.3AI score0.01344EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/12/14 12:0 a.m.5 views

PT-2023-27549 · Joomla · Extplorer

Name of the Vulnerable Software and Affected Versions: Extplorer component for Joomla affected versions not specified Description: A reflected XSS issue was discovered in the Extplorer component for Joomla. This issue allows for the execution of malicious scripts on the client-side, potentially...

6.1CVSS6AI score0.00405EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.4 views

PT-2023-24580

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.1.0 through 7.4.3.12 Liferay DXP versions 7.1.0 through 7.1 before fix pack 27 Liferay DXP versions 7.2.0 through 7.2 before fix pack 18 Liferay DXP versions 7.3.0 through 7.3 before update 4 Liferay DXP versions 7.4....

5.4CVSS6.2AI score0.00522EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.5 views

Progress ipswitch WS_FTP Server 跨站脚本漏洞

Progress ipswitch WSFTP Server is an FTP server software. A security vulnerability exists in Progress ipswitch WSFTP Server version 8.6.0 that originates from improper handling of user-supplied input. An attacker could exploit the vulnerability to execute malicious code and commands on the client...

6.1CVSS7.7AI score0.33112EPSS
Exploits1References4
Prion
Prion
added 2023/02/20 11:15 p.m.32 views

Cross site scripting

Erxes, an experience operating system XOS with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches...

6.8CVSS8.9AI score0.03125EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/01/11 1:15 p.m.3 views

CVE-2022-42967

Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...

9.6CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.9 views

PT-2022-8622 · Feehicms · Feehicms

Name of the Vulnerable Software and Affected Versions: FeehiCMS version 2.0.8 Description: A Cross Site Scripting XSS issue allows remote attackers to run arbitrary code via the lang attribute of an HTML tag. This enables attackers to execute malicious scripts on the client-side, potentially...

6.1CVSS6.1AI score0.00583EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/12/13 3:30 p.m.13 views

Duplicate Advisory: Resque Scheduler Reflected XSS In Delayed Jobs View

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hmq-fm33-x4xx. This link is maintained to preserve external references. Original Description Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript...

6.1CVSS7.1AI score0.00623EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.29 views

CVE-2022-44303

Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting XSS. A remote attacker could inject javascript code to the "schedulejob" or "args" parameter in /resque/delayed/jobs/schedulejob?args=argsid to execute javascript at client side...

6.5AI score0.00623EPSS
Exploits1References1
Hacker One
Hacker One
added 2022/11/20 10:23 a.m.6 views

MTN Group: Reflected - XSS

The Reflected XSS vulnerability was discovered on the website www.mtn.bj. The vulnerability was triggered by entering a malicious payload in the Messages section, which resulted in the execution of the payload on the client-side...

6.2AI score
Exploits0
Huntr
Huntr
added 2022/11/19 5:29 a.m.11 views

Stored cross site scripting

Hi Team, I have found a stored cross-site scripting vulnerability in the Create event section. Description What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry points for stored XSS are: message forums...

5.2AI score
Exploits0
Huntr
Huntr
added 2022/10/26 2:30 p.m.20 views

Stored Cross Site Scripting (Network Maps Editor functionality)

Description Hello Team, Hope you are doing well. I have found a stored cross-site scripting vulnerability in the network maps edit functionality. What is stored cross site scripting attack? Stored XSS, occurs when user supplied input is stored and then rendered within a web page. Typical entry...

5.2AI score
Exploits0
OSV
OSV
added 2022/09/14 11:15 a.m.8 views

CVE-2022-37140

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution RCE. The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file...

8CVSS5.9AI score0.0138EPSS
Exploits2References2
OSV
OSV
added 2022/08/19 11:15 p.m.7 views

CVE-2022-35554

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...

6.1CVSS5.9AI score0.00444EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/27 12:0 a.m.5 views

PT-2022-15844 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for cross-site scripting XSS attacks via the appHandler in a deep link within an e-mail message. This can potentially lead to malicious script execution on the client-side...

6.1CVSS6AI score0.00606EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/14 12:0 a.m.5 views

IBM Engineering Lifecycle Optimization 跨站脚本漏洞

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

5.4CVSS5.6AI score0.00467EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.7 views

Jenkins Plugin Deployment Dashboard 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS5.6AI score0.00606EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.4 views

Admidio 跨站脚本漏洞

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A cross-site scripting vulnerability exists in Admidio version 4.1.2, which stems from the program's lack of checksum filtering of...

5.4CVSS5.6AI score0.00545EPSS
Exploits1References2
Rows per page
Query Builder