134 matches found

Vulnrichment
added 2023/08/03 9:20 p.m., 16 views

CVE-2023-20218

A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.8, AI score 6.6, EPSS 0.00368
Exploits 0, References 1
Cvelist
added 2023/08/03 9:20 p.m., 16 views

CVE-2023-20218

A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 5.8, AI score 6.2, EPSS 0.00368
Exploits 0, References 1
Imperva Blog
added 2023/07/10 3:27 p.m., 17 views

Imperva Offers New Features to Simplify PCI DSS Compliance

The Silent Threat of Client-Side Attacks. As more transactions move online, a silent threat is lurking in the deepest, darkest shadows of websites, threatening to steal your sensitive data. This rapidly evolving threat, known as client-side attacks such as Magecart, formjacking, and online skimmin...

AI score 6.9
Exploits 0
NVD
added 2023/04/10 2:15 p.m., 17 views

CVE-2022-39048

An XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

CVSS 6.1, AI score 5.9, EPSS 0.01089
Exploits 0, References 2
Prion
added 2023/04/10 2:15 p.m., 9 views

Cross site scripting

An XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

CVSS 5.8, AI score 5.8, EPSS 0.01089
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2023/04/10 12:00 a.m., 6 views

CVE-2022-39048 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect

An XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

CVSS 6.1, AI score 5.8, EPSS 0.01089
Exploits 0, References 2
CVE
added 2023/04/10 12:00 a.m., 77 views

CVE-2022-39048

ServiceNow UI cross-site scripting (CVE-2022-39048) affects the assessment_redirect page. The vulnerability allows an authenticated user to be exploited via a crafted URL that injects JavaScript in the sysparm_survey_url parameter, enabling client-side attacks such as phishing and potential CSRF ...

CVSS 6.1, AI score 5.9, EPSS 0.01089
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/04/10 12:00 a.m., 21 views

CVE-2022-39048 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect

An XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

CVSS 6.1, AI score 6, EPSS 0.01089
Exploits 0, References 2
Talos
added 2022/12/21 12:00 a.m., 42 views

Ghost unauthorized newsletter modification vulnerability

Talos Vulnerability Report TALOS-2022-1624, Ghost unauthorized newsletter modification vulnerability, December 21, 2022. CVE Number: CVE-2022-41654. SUMMARY: An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...

CVSS 9.6, AI score 5, EPSS 0.18914
Exploits 1
Imperva Blog
added 2022/11/03 12:15 p.m., 13 views

From Online Fraud to DDoS and API Abuse: The State of Security Within eCommerce in 2022

What are the biggest cybersecurity threats affecting online retailers today? The State of Security Within eCommerce in 2022 Report from Imperva is now available and answers that question. For this report, Imperva’s cybersecurity experts analyzed 12 months of data, collected from our global networ...

AI score 0.3
Exploits 0
Imperva Blog
added 2022/09/12 2:11 p.m., 16 views

PCI DSS Tackles Client-Side Attacks: Everything You Need to Know About Complying With PCI 6.4.3

Client-side attacks, often referred to as Magecart attacks, have been around since as early as 2015 and dramatically gained in popularity when the global pandemic accelerated digital transformation by driving more people and data online. Now the fight against these attacks is stepping up a notch...

AI score 0.1
Exploits 0
Tenable Nessus
added 2022/05/18 12:00 a.m., 25 views

HTTP Parameter Pollution

An HTTP Parameter Pollution (HPP) attack exploits the possibility of including several parameters with the same name in an HTTP request, or of including a new encoded parameter. Depending on the web server, the parameters will be parsed in a different way, i.e. parsing only the first/last occurrence of the...

AI score 7.2
Exploits 0, References 1
Tenable Nessus
added 2022/04/21 12:00 a.m., 13 views

OpenAPI Missing MIME Types

The OpenAPI specification is an API description format for REST APIs. An OpenAPI file is written in YAML or JSON and describes all the API properties, such as the available endpoints with their related operations or the authentication methods. The consumes field defines the expected data types for POST, PU...

AI score 7.8
Exploits 0, References 1
Hacker One
added 2022/04/09 10:59 a.m., 25 views

TikTok: Stored XSS Payload when sending videos

A Cross-Site Scripting (XSS) payload was found via the text used when sending videos to a friend, which could have resulted in session hijacking, user impersonation, or client-side attacks. We thank aidilarf2000 for reporting this to our team. Don't forget Vacation and Have Fun. Write up:...

AI score 1
Exploits 0
CNVD
added 2021/12/01 12:00 a.m., 6 views

Business-Dna Solution GmbH TopEase File Upload Vulnerability

Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A file upload vulnerability exists in Business-Dna Solution GmbH TopEase, whi...

CVSS 8.8, AI score 6.7, EPSS 0.01021
Exploits 0, References 1
OSV
added 2021/11/30 12:15 p.m., 2 views

CVE-2021-42123

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks...

CVSS 8.8, AI score 7.4
Exploits 0, References 1
Prion
added 2021/11/30 12:15 p.m., 8 views

Unrestricted file upload

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks...

CVSS 6.5, AI score 8.5, EPSS 0.01021
Exploits 0, References 1, Affected Software 1
Cvelist
added 2021/11/30 11:28 a.m., 13 views

CVE-2021-42123 Missing Upload Filter in TopEase

Unrestricted File Upload in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 in the File Upload Functions allows an authenticated remote attacker with Upload privileges to upload files with any file type, enabling client-side attacks...

CVSS 7.3, AI score 8.8, EPSS 0.01021
Exploits 0, References 1
CNNVD
added 2021/11/30 12:00 a.m., 2 views

Business-Dna Solution GmbH TopEase Code Issue Vulnerability

Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A file upload vulnerability exists in Business-Dna Solution GmbH TopEase, whi...

CVSS 8.8, AI score 5.6, EPSS 0.01021
Exploits 0, References 2
Imperva Blog
added 2021/11/11 2:51 p.m., 16 views

Wake up and smell the JavaScript – website supply chain puts online retail at risk

There are more than 1.8 billion websites online today, and almost 98% of them are powered by JavaScript. There’s a good reason for this: JavaScript’s flexibility and portability enable the rich online functionality we’ve all come to know and love. But what happens when that same functionality...

AI score 7.2
Exploits 0