Lucene search
K

63 matches found

Vulnrichment
Vulnrichment
added 2023/04/24 12:0 a.m.9 views

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

6.8CVSS8.8AI score0.0059EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/24 12:0 a.m.32 views

CVE-2023-26060

An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...

6.8CVSS9AI score0.0059EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/03 12:0 a.m.15 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

7.1AI score0.33112EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/04/03 12:0 a.m.51 views

CVE-2022-27665

Reflected XSS via AngularJS sandbox escape expressions exists in Progress Ipswitch WSFTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add fold...

7.2AI score0.33112EPSS
Exploits1References3
Fortinet
Fortinet
added 2023/02/16 12:0 a.m.85 views

FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting XSS attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer...

5.8CVSS5.9AI score0.00668EPSS
Exploits0Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2022/11/21 12:0 a.m.22 views

(Pwn2Own) Microsoft Teams chat Client-Side Template Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Teams. No user interaction is required if the attacker and target are in the same Teams organization. The specific flaw exists within the rendering of chat messages. Crafted data in a chat...

6.3CVSS3.5AI score
Exploits0References1
NVD
NVD
added 2022/01/13 9:15 a.m.27 views

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

5.4CVSS0.00616EPSS
Exploits1References2
Prion
Prion
added 2022/01/13 9:15 a.m.21 views

Design/Logic Flaw

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

3.5CVSS5.9AI score0.00616EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/13 8:35 a.m.33 views

CVE-2022-22112 DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

5.4CVSS6.1AI score0.00616EPSS
Exploits1References2
OSV
OSV
added 2022/01/13 8:35 a.m.26 views

CVE-2022-22112 DayByDay CRM - Application-Wide Client-Side Template Injection (CSTI)

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

5.4CVSS6.3AI score0.00616EPSS
Exploits1References4
CVE
CVE
added 2022/01/13 8:35 a.m.95 views

CVE-2022-22112

CVE-2022-22112 affects DayByDay CRM, versions 1.1–2.2.1. The issue is an application-wide Client-Side Template Injection (CSTI) that allows a low-privileged attacker to input template payloads at multiple locations to execute JavaScript in the client browser. The primary sources describe the vuln...

5.4CVSS5.8AI score0.00616EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/07 10:0 p.m.6 views

CVE-2022-22112

In DayByDay CRM, versions 1.1 through 2.2.1 latest suffer from an application-wide Client-Side Template Injection CSTI. A low privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser...

5.4CVSS6.2AI score0.00616EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2021/05/12 5:15 p.m.17 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.4CVSS0.23795EPSS
Exploits1References1
Prion
Prion
added 2021/05/12 5:15 p.m.13 views

Design/Logic Flaw

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

3.5CVSS5.7AI score0.23795EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/05/12 4:18 p.m.21 views

CVE-2021-30214

Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter...

5.9AI score0.23795EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/06/25 7:35 p.m.22 views

CVE-2020-9437

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...

5.4AI score0.00981EPSS
Exploits0References3
NVD
NVD
added 2020/01/17 6:15 p.m.19 views

CVE-2019-17127

A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

6.1CVSS6.3AI score0.0186EPSS
Exploits0References2
NVD
NVD
added 2020/01/17 6:15 p.m.21 views

CVE-2019-17125

A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...

6.1CVSS6.3AI score0.0152EPSS
Exploits0References2
OSV
OSV
added 2020/01/17 6:15 p.m.6 views

CVE-2019-17125

A Reflected Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS...

6.1CVSS5.8AI score0.0152EPSS
Exploits0References2
OSV
OSV
added 2020/01/17 6:15 p.m.6 views

CVE-2019-17127

A Stored Client Side Template Injection CSTI with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation...

6.1CVSS6.4AI score0.0186EPSS
Exploits0References2
Rows per page
Query Builder