Lucene search
K

202 matches found

OSV
OSV
added 2021/08/09 10:15 a.m.4 views

CVE-2021-37212

The bulletin function of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific Url parameters and access and modify bulletin particular content...

5.4CVSS6.1AI score0.00641EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/07/28 12:0 a.m.14 views

Check MK < 1.6.0p25, 2.0.x < 2.0.0p4 XSS Vulnerability

Check MK is prone to a cross-site scripting XSS vulnerability in the management web console. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

5.4CVSS5.5AI score0.0172EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2021/07/26 6:15 p.m.29 views

CVE-2021-36563

The CheckMK management web console versions 1.5.0 to 2.0.0 does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser such as JavaScript or other client-side scripts, the XSS...

5.4CVSS6.3AI score0.0172EPSS
Exploits2References6
OSV
OSV
added 2021/06/16 4:15 p.m.16 views

CVE-2020-35759

bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content Locally/Remotely...

6.5CVSS6.8AI score
Exploits0References1
CNVD
CNVD
added 2021/03/02 12:0 a.m.9 views

IBM Monitoring File Tampering Vulnerability

IBM Monitoring is an application service from IBM USA. It provides a cloud monitoring feature. IBM Monitoring suffers from a file tampering vulnerability that allows an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI. No detailed vulnerability...

4.3CVSS6.2AI score0.00661EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/01/13 9:20 p.m.33 views

CVE-2021-1127 Cisco Enterprise NFV Infrastructure Software Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to improper input...

5.4CVSS5.4AI score0.00614EPSS
Exploits0References1
NVD
NVD
added 2020/12/22 5:15 p.m.30 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4.3CVSS4.5AI score0.00692EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/12/22 5:15 p.m.23 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4.3CVSS6.4AI score0.00692EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/12/22 4:25 p.m.30 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4.3CVSS4.5AI score0.00692EPSS
Exploits0References1
CVE
CVE
added 2020/12/22 4:25 p.m.50 views

CVE-2019-11786

CVE-2019-11786 affects Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, where improper access control allows remote authenticated users to modify translated terms, potentially causing arbitrary content changes on translatable elements. The issue is confirmed across multiple s...

4.3CVSS4.5AI score0.00692EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/12/22 4:25 p.m.46 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4.3CVSS4.5AI score0.00692EPSS
Exploits0
OSV
OSV
added 2020/12/14 9:15 p.m.5 views

CVE-2019-19284

A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow Cross-Site Scripting XSS attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users...

5.4CVSS5.7AI score0.00515EPSS
Exploits0References1
OSV
OSV
added 2020/12/14 9:15 p.m.4 views

CVE-2019-19286

A vulnerability has been identified in XHQ All Versions 6.1. The web interface could allow SQL injection attacks if an attacker is able to modify content of particular web pages...

7.2CVSS5.7AI score0.00886EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/30 12:0 a.m.21 views

Coremail XT <= 5.0 XSS Vulnerability

Coremail XT is prone to a cross-site scripting XSS vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

6.1CVSS6.4AI score0.01081EPSS
Exploits0
Cvelist
Cvelist
added 2020/10/16 5:10 a.m.38 views

CVE-2020-26584

An issue was discovered in Sage DPW 202006x before 202006002. The search field "Kurs suchen" on the page Kurskatalog is vulnerable to Reflected XSS. If the attacker can lure a user into clicking a crafted link, he can execute arbitrary JavaScript code in the user's browser. The vulnerability can ...

6.4AI score0.00921EPSS
Exploits1References3
OSV
OSV
added 2020/10/15 2:15 a.m.1 views

CVE-2020-6368

SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to...

5.4CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2020/09/24 4:1 p.m.2 views

USN-4536-1 spip vulnerabilities

Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting XSS attacks. CVE-2019-16392 Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could...

8.8CVSS7.1AI score0.07538EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2020/09/08 12:0 a.m.2 views

PT-2020-4023 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests. An attacker could exploit this by sending a crafted request,...

5.4CVSS5.7AI score0.01627EPSS
Exploits0References5
CNVD
CNVD
added 2020/03/20 12:0 a.m.3 views

Unspecified Vulnerability in NETSAS Enigma NMS (CNVD-2020-18992)

NETSAS Enigma NMS is a suite of network management and monitoring tools from NETSAS Australia. A security vulnerability exists in NETSAS Enigma NMS server 65.0.0 and earlier versions. The vulnerability can be exploited by an attacker to gain access to the system, read sensitive data and create,...

8.8CVSS6.8AI score0.00994EPSS
Exploits1References1
NVD
NVD
added 2020/03/19 6:15 p.m.22 views

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...

8.8CVSS8.5AI score0.00994EPSS
Exploits1References1
Rows per page
Query Builder