Lucene search
K

65 matches found

CNNVD
CNNVD
added 2022/05/16 12:0 a.m.4 views

Aruba ClearPass Policy Manager 跨站脚本漏洞

Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a cross-site scripting vulnerability, an attacker can use the vulnerability to execute JavaScript code on the client side...

6.1CVSS6.2AI score0.00513EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/05/02 12:0 a.m.4 views

MediaWiki 跨站脚本漏洞

MediaWiki is a web-based wiki engine from the MediaWiki Foundation in the United States. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in versions of MediaWiki prior to 2022-04-29, which stems from an RSS...

6.1CVSS6.4AI score0.00681EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.4 views

FUEL CMS 跨站脚本漏洞

FUEL CMS is a content management system CMS based on the Codelgniter framework. version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to...

5.4CVSS5.4AI score0.00479EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/08 12:0 a.m.6 views

DouCo DouPHP 跨站脚本漏洞

DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...

6.1CVSS5.6AI score0.00562EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/06/01 12:0 a.m.7 views

The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.

The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...

7.2CVSS7AI score0.00569EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2020/06/22 9:35 a.m.4 views

Cross-site Scripting (XSS)

Overview docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to...

7.4CVSS5.3AI score0.045EPSS
Exploits5References2
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/20 8:47 a.m.24 views

Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie

Summary A remote attacker is able to obtain sensitive information cause by the failure to set the HttpOnly and Secure attribute in the cookie. This allow attacker to intercept the transmission and obtain information from the cookie in clear text Vulnerability Details CVEID: CVE-2019-4214...

4.3CVSS0.6AI score0.00477EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2019/09/10 12:0 a.m.2 views

Limesurvey Information Disclosure Vulnerability (CNVD-2019-31189)

LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A security vulnerability exists in Limesurvey versions prior to 3.17.14. An...

7.5CVSS6.5AI score0.01387EPSS
Exploits0References1
CNVD
CNVD
added 2019/05/16 12:0 a.m.3 views

eZ Platform Admin UI Cross-Site Scripting Vulnerability

eZ Platform is an open source enterprise content management system CMS. admin UI is one of the back-end management interface . A cross-site scripting vulnerability exists in the Admin UI in eZ Platform version 2.x, which can be exploited by an attacker to execute client-side code...

6.1CVSS6.4AI score0.00846EPSS
Exploits0References1
Vulnerability Lab
Vulnerability Lab
added 2018/07/22 12:0 a.m.19 views

Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities

Document Title: =============== Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=742 Barracuda Networks Security ID: BNSEC-671 Release Date: ============= 2018-07-22 Vulnerability Laboratory ID...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 9:39 p.m.18 views

Security Bulletin: IBM QRadar SIEM is vulnerable to a client side scripting attack due to a missing HTTPOnly flag on a cookie. (CVE-2015-1994)

Summary One of the cookies used for user authorization is missing the HTTPOnly Attribute which allows attackers leveraging a Cross-Site Scripting vulnerability to obtain the cookie value and then perform a session hijacking attack. Vulnerability Details CVE-ID: CVE-2015-1994 Description: IBM QRad...

5CVSS0.6AI score0.01209EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/05/14 11:29 p.m.16 views

CVE-2018-11090

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...

6.1CVSS5.9AI score0.00705EPSS
Exploits1References2
Prion
Prion
added 2018/05/14 11:29 p.m.13 views

Cross site scripting

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...

4.3CVSS5.8AI score0.00705EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2017/11/17 4:29 a.m.23 views

CVE-2017-1000236

I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...

6.1CVSS6AI score
Exploits0References1
exploitpack
exploitpack
added 2017/05/09 12:0 a.m.42 views

I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting

I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/05/09 12:0 a.m.68 views

I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: =4.6 & 4.7 fixed version: 4.8 CVE number: - impact: Critical homepage:...

7.4AI score
Exploits0
CNVD
CNVD
added 2016/05/19 12:0 a.m.4 views

WP Good News Themes Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Wordpress Good News Themes, which can be exploited by remote attackers to inject client-side scripting code...

6.4AI score
Exploits0References1
Packet Storm
Packet Storm
added 2015/03/19 12:0 a.m.20 views

Websense Data Security Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Websense Data Security block page ------------------------------------------------------------------------ Han Sahin, September 2014...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/02 12:0 a.m.84 views

JQuery 1.4.2 Cross Site Scripting

XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001: XSS Reflected JQuery 1.4.2 LEVEL: MEDIUM In our tests authorized by the customer, we can...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...

7.1AI score
Exploits0
Rows per page
Query Builder