83 matches found

RedhatCVE
added 2025/05/23 4:58 a.m. | 8 views

CVE-2023-6458

Mattermost webapp fails to validate route parameters in//channels/ allowing an attacker to perform a client-side path traversal...

CVSS 9.8 | AI score 9.3 | EPSS 0.00643
Exploits: 0
RedhatCVE
added 2025/05/23 12:40 a.m. | 8 views

CVE-2022-40849

ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS). An attacker who successfully exploited this vulnerability could inject a Persistent XSS payload in the Slideshow Management section that executes arbitrary JavaScript code on the client side, e.g., to steal the administrator's...

CVSS 5.4 | AI score 5.7 | EPSS 0.00394
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:08 p.m. | 5 views

CVE-2022-3513

An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00743
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:16 p.m. | 7 views

CVE-2020-13262

Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link...

CVSS 6.1 | AI score 6.9 | EPSS 0.00871
Exploits: 0
The Hacker News
added 2025/05/21 9:01 a.m. | 18 views

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Cybersecurity researchers have discovered a new campaign that employs malicious JavaScript injections to redirect site visitors on mobile devices to a Chinese adult-content Progressive Web App (PWA) scam. "While the payload itself is nothing new (yet another adult gambling scam), the delivery method...

AI score 7.1
Exploits: 0
RedhatCVE
added 2025/04/16 2:50 p.m. | 12 views

CVE-2024-49705

Internet Starter, one of the SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Service (DoS) attacks. An attacker might trick a user into using a URL with a d parameter set to an unhandled value. All the subsequent requests will not be accepted as the server returns an error...

CVSS 5.3 | AI score 6 | EPSS 0.00269
Exploits: 0 | References: 1
CVE
added 2025/04/14 12:05 p.m. | 80 views

CVE-2024-49705

Technical details are not publicly provided in the supplied documents. Monitor for updates.

CVSS 6.5 | AI score 6.4 | EPSS 0.00269
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/12/16 9:31 a.m. | 9 views

GHSA-69PR-78GV-7C6H Mattermost Improper Validation of Specified Type of Input vulnerability

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...

CVSS 6.5 | AI score 6.3 | EPSS 0.00592
Exploits: 0 | References: 3
NVD
added 2024/12/16 8:15 a.m. | 31 views

CVE-2024-54083

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...

CVSS 6.5 | EPSS 0.00592
Exploits: 0 | References: 1
Tenable Nessus
added 2024/10/30 12:00 a.m. | 17 views

F5 Networks BIG-IP : Diffie-Hellman key exchange protocol vulnerability (K000148343)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148343 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is...

CVSS 7.5 | AI score 6.9 | EPSS 0.01083
Exploits: 0 | References: 2
OSV
added 2024/08/26 6:15 a.m. | 3 views

UBUNTU-CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...

CVSS 7.5 | AI score 6.8 | EPSS 0.01083
Exploits: 0 | References: 6
Kitploit
added 2024/05/04 12:30 p.m. | 34 views

JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application

JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs: Major changes are documented in the project Announcements:...

AI score 5.9
Exploits: 0 | References: 2
OSV
added 2024/03/06 11:15 a.m. | 14 views

BIT-GITLAB-2022-2500

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side...

CVSS 5.4 | AI score 5.2 | EPSS 0.00595
Exploits: 0 | References: 4
OSV
added 2024/03/06 11:14 a.m. | 15 views

BIT-GITLAB-2022-3265

A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perfo...

CVSS 7.3 | AI score 5.7 | EPSS 0.86326
Exploits: 0 | References: 4
Vulnrichment
added 2023/06/07 12:00 a.m. | 9 views

CVE-2023-2442

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A specially crafted merge request could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of...

CVSS 8.7 | AI score 5.8 | EPSS 0.96058
Exploits: 0 | References: 3
Huntr
added 2023/03/22 6:58 p.m. | 23 views

Cross site scripting on the login page

Description: Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. URL...

CVSS 5.8 | AI score 6 | EPSS 0.0109
Exploits: 1
Vulnrichment
added 2023/03/09 12:00 a.m. | 7 views

CVE-2023-0050

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to...

CVSS 8.7 | AI score 8.1 | EPSS 0.9242
Exploits: 0 | References: 3
Vulnrichment
added 2023/03/08 12:00 a.m. | 6 views

CVE-2022-4007

An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behal...

CVSS 5.4 | AI score 5.9 | EPSS 0.0055
Exploits: 0 | References: 3
CNNVD
added 2023/03/07 12:00 a.m. | 5 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab suffers from a security vulnerability that stems from a specially craft...

CVSS 8.7 | AI score 6.7 | EPSS 0.9242
Exploits: 0 | References: 5
F5 Networks
added 2023/02/21 6:46 p.m. | 186 views

K25126370: Apache HTTPD vulnerability CVE-2019-10098

Security Advisory Description: In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. CVE-2019-10098 Impact: An attacker can abuse thi...

CVSS 6.1 | AI score 6.5 | EPSS 0.73981
Exploits: 1 | Affected Software: 14