Lucene search
K

72 matches found

Cvelist
Cvelist
added 2025/06/26 2:22 a.m.10 views

CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter

The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS0.00198EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.10 views

CVE-2023-22601

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...

10CVSS6.7AI score0.00563EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:18 p.m.7 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.4CVSS6.8AI score0.00532EPSS
Exploits0
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.214 views

ISC DHCP Zero Length ClientID Denial of Service Module

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ISC DHCP Zero Length ClientID Denial of Service Module', 'Description' = %q This module performs a Denial of Service Attack against the ISC DHCP...

5CVSS6.9AI score0.76412EPSS
Exploits7
Hacker One
Hacker One
added 2024/01/25 1:29 p.m.39 views

U.S. Dept Of Defense: Improper Authentication (Login without Registration with any user) at ████

The ████ system was vulnerable to an improper authentication issue. Attackers could log in as any user without registration by exploiting the signin parameter in the ██████████ endpoint. This allowed them to authenticate and change the session of a victim to any other user...

7.2AI score
Exploits0
OSV
OSV
added 2023/08/02 1:15 p.m.6 views

CVE-2023-26446

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

5.4CVSS5.8AI score0.00558EPSS
Exploits0References4
NVD
NVD
added 2023/08/02 1:15 p.m.25 views

CVE-2023-26446

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

5.4CVSS5.5AI score0.00558EPSS
Exploits0References4
Prion
Prion
added 2023/08/02 1:15 p.m.22 views

Code injection

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

4.9CVSS5.6AI score0.00558EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/08/02 12:23 p.m.30 views

CVE-2023-26446

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...

5.4CVSS5.8AI score0.00558EPSS
Exploits0References4
CVE
CVE
added 2023/08/02 12:23 p.m.2504 views

CVE-2023-26446

CVE-2023-26446 concerns Open-Xchange AppSuite, where the user-controlled clientID value used in the I/O flow for application passwords was not sanitized/escaped before being inserted into the DOM, enabling potential cross-site scripting that could compromise the victim’s session or trigger action...

5.4CVSS5.5AI score0.00558EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/02 12:0 a.m.5 views

PT-2023-20638 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the lack of sanitization or escaping of the user's clientID at "application passwords" before it is added to the DOM. This allows...

5.4CVSS5.4AI score0.00558EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/05/22 12:0 a.m.7 views

The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, which stems from the use of insufficiently random values, allows attackers to execute arbitrary code.

The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the MQTT ClientID parameter...

10CVSS8.4AI score0.00563EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/01/12 10:34 p.m.7 views

CVE-2023-22601

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...

10CVSS9.4AI score0.00563EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/06 12:0 a.m.40 views

FlyteAdmin 信任管理问题漏洞

FlyteAdmin is a control plane for Flyte open source. Responsible for managing entities tasks, workflows, startup plans and managing workflow execution. An information disclosure vulnerability exists in Flyte FlyteAdmin versions prior to 1.1.44, which stems from the fact that users who enable the...

7.5CVSS6.2AI score0.0067EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2021/03/05 12:0 a.m.253 views

CatDV 9.2 Authentication Bypass

Exploit Title: CatDV 9.2 - RMI Authentication Bypass Date: 3/1/2021 Exploit Author: Christopher Ellis, Nick Gonella, Workday Inc. Vendor Homepage: https://catdv.com/ Software Link: https://www.squarebox.com/download/CatDVServer9.2.0.exe Version: 9.2 and lower Tested on: Windows, Mac import...

0.5AI score
Exploits0
OSV
OSV
added 2020/09/22 4:22 p.m.5 views

OPENSUSE-SU-2020:1505-1 Security update for libetpan

This update for libetpan fixes the following issues: Update to 1.9.4 boo1174579, CVE-2020-15953: Bugfixes on QUOTA Varios warning fixes & build fixes Update to version 1.9.3 Added IMAP CLIENTID / SMTP CLIENTID support Use Cyrus SASL 2.1.27 Update to version 1.9.2 Support of TLS SNI LMDB for cache...

7.4CVSS7.5AI score0.02393EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/09/21 12:0 a.m.22 views

openSUSE Security Update : libetpan (openSUSE-2020-1454)

This update for libetpan fixes the following issues : Update to 1.9.4 boo1174579, CVE-2020-15953 : - Bugfixes on QUOTA - Varios warning fixes & build fixes Update to version 1.9.3 - Added IMAP CLIENTID / SMTP CLIENTID support - Use Cyrus SASL 2.1.27 Update to version 1.9.2 - Support of TLS SNI -...

7.4CVSS7.7AI score0.02393EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/09/19 12:0 a.m.47 views

Security update for libetpan (moderate)

openSUSE Security Update: Security update for libetpan Announcement ID: openSUSE-SU-2020:1454-1 Rating: moderate References: 1174579 Cross-References: CVE-2020-15953 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for libetpa...

7.4CVSS7.5AI score0.02393EPSS
Exploits1References1
OSV
OSV
added 2019/11/06 9:15 p.m.26 views

CVE-2019-12419

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId paramet...

9.8CVSS6.5AI score0.13836EPSS
Exploits0References14
Prion
Prion
added 2019/11/06 9:15 p.m.15 views

Design/Logic Flaw

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId paramet...

7.5CVSS9.1AI score0.13836EPSS
Exploits0References14Affected Software5
Rows per page
Query Builder