Lucene search
K

345 matches found

WPVulnDB
WPVulnDB
added 2023/01/30 12:0 a.m.14 views

PrivateContent < 8.4.4 - Brute Force Protection Bypass

The plugin checks whether an IP is blocked or not via client-side validation, allowing attackers to bypass such protection via crafted requests...

5.3CVSS5.7AI score0.00734EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2022/10/31 12:0 a.m.22 views

Tenable Nessus < 10.4.0 Multiple Vulnerabilities (TNS-2022-21)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

6.5CVSS7.1AI score0.44515EPSS
Exploits5References1
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2022/10/27 2:48 p.m.47 views

[R2] Nessus Version 10.4.0 Fixes Multiple Vulnerabilities

R2 Nessus Version 10.4.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 10/27/2022 - 10:48 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components select2.js, jQuery UI were found to contain vulnerabilities, and updated versions have...

3.1AI score0.00775EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/10/25 1:42 p.m.5 views

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2022/10/17 12:0 a.m.242 views

Garage Management System 1.0 Cross Site Scripting

Exploit Title: Garage Management System 1.0 - 'categoriesName' - Stored XSS Date: 18-09-2022 Exploit Author: Sam Wallace Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Version: 1.0 Tested on: Debian CVE : CVE-2022-41358 Summary:...

5.8AI score0.0292EPSS
Exploits4
wpexploit
wpexploit
added 2022/09/06 12:0 a.m.416 views

Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS

The plugin does not sanitise and escape some of the reservation user inputs, allowing unauthenticated attackers to perform Cross-Site Scripting attacks logged in admin viewing the malicious reservation made As unauthenticated, make a reservation ie on a page where the reservationform is embed and...

6.1CVSS0.3AI score0.83373EPSS
Exploits2
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.3 views

WordPress plugin floating-div 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.1AI score0.00463EPSS
Exploits0References3
NVD
NVD
added 2022/07/18 6:15 p.m.18 views

CVE-2021-29799

IBM Engineering Requirements Quality Assistant On-Premises All versions could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738...

6.5CVSS0.00729EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/18 5:0 p.m.19 views

CVE-2021-29799

IBM Engineering Requirements Quality Assistant On-Premises All versions could allow an authenticated user to obtain sensitive information due to improper client side validation. IBM X-Force ID: 203738...

6.5CVSS6.1AI score0.00729EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

google-oauth-client: Token signature not verified

A flaw was found in Google OAuth Java client's IDToken verifier, where it does not verify if the token is properly signed. This issue could allow an attacker to provide a compromised token with a custom payload that will pass the validation on the client side, allowing access to information outsi...

8.7CVSS5.8AI score0.00287EPSS
Exploits0References5
NVD
NVD
added 2022/05/03 4:15 p.m.26 views

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7CVSS0.00287EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/05/03 3:45 p.m.43 views

CVE-2021-22573

The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation ...

8.7CVSS7.8AI score0.00287EPSS
Exploits0
Prion
Prion
added 2022/04/18 6:15 p.m.12 views

Cross site scripting

The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is...

3.5CVSS4.9AI score0.04782EPSS
Exploits4References2Affected Software1
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.5 views

RSA Archer 跨站脚本漏洞

RSA Archer is an enterprise IT governance and compliance governance product from RSA UK.A cross-site scripting vulnerability exists in Archer versions 6.x inclusive through 6.10 inclusive, which stems from the lack of proper validation of client-side data by WEB applications. A remote attacker...

6.5CVSS5.3AI score0.00546EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/03/29 12:0 a.m.3 views

Sourcecodester Hospital Patient Records Management System 跨站脚本漏洞

Sourcecodester Hospital Patient Records Management System is a Web-based application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0, which stems from the lack of proper validation of client-si...

5.4CVSS5.5AI score0.00487EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2022/03/15 12:0 a.m.15 views

Easy Social Icons < 3.2.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its saved settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed. 3.1.3 added some escaping, but data was output elsewhere PoC Put the...

1.2AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/03/02 12:0 a.m.5 views

Zulip 跨站脚本漏洞

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations, Zulip suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper...

5.4CVSS5.5AI score0.00563EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/02/26 12:0 a.m.3 views

Microweber 跨站脚本漏洞

Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in Microweber, which stems from the lack of prope...

4.8CVSS5.5AI score0.00613EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/02/16 9:5 p.m.28 views

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

8.7AI score0.02596EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/15 12:0 a.m.3 views

Burden 跨站脚本漏洞

Josh Fradley Burden is a full-featured task management application written in Php by the individual developer Josh Fradley in Spain. Burden suffers from a security vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the...

6.1CVSS6.4AI score0.00775EPSS
Exploits1References3
Rows per page
Query Builder