Lucene search
+L

100 matches found

CVE
CVE
added 2024/12/30 12:31 a.m.59 views

CVE-2024-13031

The CVE-2024-13031 affects Antabot White-Jotter up to version 0.2.2. Affected component: /admin/content/editor in the Article Content Editor. Root cause: cross-site scripting due to an issue in the editor’s handling, enabling remote exploitation. The vulnerability is publicly disclosed and can be...

5.1CVSS3.5AI score0.00371EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.5 views

White-Jotter 代码注入漏洞

White-Jotter is an Antabot personal developer's front-end and back-end separation project using Vue+Spring Boot development, comes with a full set of development tutorials. Antabot White-Jotter 0.2.2 and earlier versions have a code injection vulnerability that originates from the component artic...

5.1CVSS4.2AI score0.00371EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/22 12:0 a.m.5 views

PT-2024-21326 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.103 Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 Liferay DXP versions 2023.Q3.1 through 2023.Q3.5 Liferay DXP versions 7.4 GA through update 92 Liferay DXP versions 7.3 update 29 through update ...

8.8CVSS7.9AI score0.00342EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2024/04/03 5:11 a.m.105 views

Critical Security Flaw Found in Popular LayerSlider WordPress Plugin

A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from databases, such as password hashes. The flaw, designated as CVE-2024-2879, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as a case of SQL...

9.8CVSS10AI score0.18402EPSS
Exploits1
NVD
NVD
added 2023/07/07 4:15 p.m.26 views

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

5.4CVSS5.3AI score0.00566EPSS
Exploits1References2
CVE
CVE
added 2023/07/07 12:0 a.m.48 views

CVE-2023-29998

CVE-2023-29998 affects Gis3W g3w-suite 3.5: a Cross-site Scripting (XSS) vulnerability in the content editor where the description parameter can be exploited by remote authenticated users to inject arbitrary script/HTML and potentially gain privileges. Base CVSS v3.1: 5.4 (Medium) with network ve...

5.4CVSS5.2AI score0.00566EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/07/07 12:0 a.m.32 views

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

5.5AI score0.00566EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/07/07 12:0 a.m.19 views

CVE-2023-29998

A Cross-site scripting XSS vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter...

5.7AI score0.00566EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.8 views

PT-2023-22510 · Unknown · Gis3W G3W-Suite

Name of the Vulnerable Software and Affected Versions: Gis3W g3w-suite version 3.5 Description: A Cross-site scripting XSS vulnerability in the content editor allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter. Recommendation...

5.4CVSS5.2AI score0.00566EPSS
Exploits1References4
OSV
OSV
added 2022/05/17 12:29 a.m.10 views

GHSA-J696-6M57-MCRV Silverstripe CMS XSS Vulnerability

SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by 1 the Insert Media option in the content editor or 2 an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017...

6.1CVSS5.9AI score0.01304EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/04/19 12:0 a.m.10 views

The vulnerability of the Advanced Tab for Dialogs plugin of the CKEditor editor allows a hacker to manipulate the content of the address bar.

The vulnerability of the Advanced Tab for Dialogs plugin for the CKEditor editor is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to manipulate the content of the address bar remotely...

7.1CVSS6.9AI score0.01962EPSS
Exploits0References5Affected Software9
Github Security Blog
Github Security Blog
added 2021/10/04 8:13 p.m.44 views

Cross-site Scripting in LaraCMS

LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...

5.4CVSS5.1AI score0.00576EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/10/04 8:13 p.m.47 views

GHSA-M72G-42Q6-GVC2 Cross-site Scripting in LaraCMS

LaraCMS contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...

5.4CVSS5.2AI score0.00576EPSS
Exploits1References3
OSV
OSV
added 2021/09/29 10:15 p.m.20 views

CVE-2020-20129

LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...

5.4CVSS5.5AI score
Exploits0References1
Prion
Prion
added 2021/09/29 10:15 p.m.23 views

Cross site scripting

LaraCMS v1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor...

3.5CVSS5.2AI score0.00576EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/07/05 12:0 a.m.6 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-48497)

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

5.4CVSS6.3AI score0.00473EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/02 12:0 a.m.7 views

CMS Made Simple 跨站脚本漏洞

CMS Made Simple CMSMS is an open source content management system that provides developers, programmers, and website owners with a web-based version of the development and management interface. A stored cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14, which can be...

5.4CVSS5.5AI score0.00473EPSS
Exploits1References1
OSV
OSV
added 2021/01/26 9:15 p.m.3 views

UBUNTU-CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...

6.5CVSS7.2AI score0.01962EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/12/02 4:57 p.m.105 views

ImpressCMS: Download full backup and Cross site scripting

A backup zip file was still left on the server, which was removed. Moreover, an old unused content editor was still left and could be used by a malicious user. The unused editor has been removed as well...

1.4AI score
Exploits0
OSV
OSV
added 2020/09/10 5:15 p.m.3 views

CVE-2020-9743

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An...

6.1CVSS6.5AI score0.01955EPSS
Exploits0References1
Rows per page
Query Builder