Lucene search
+L

149 matches found

CNNVD
CNNVD
added 2022/01/03 12:0 a.m.7 views

WordPress plugin Booking Calendar 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booking Calendar. The vulnerability stems from the program not cleaning and...

6.1CVSS5.3AI score0.008EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/11/30 12:0 a.m.5 views

Zoho ManageEngine SupportCenter Plus 跨站脚本漏洞

ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO, Inc. A cross-site scripting vulnerability exists in ZOHO ManageEngine SupportCenter Plus, which stems from the product's failure to validate user identities and could be exploited by attackers to obtain a...

6.1CVSS5.9AI score0.02745EPSS
Exploits0References4
CNVD
CNVD
added 2021/09/04 12:0 a.m.36 views

WordPress Easy Social Icons Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Easy Social Icons plugin is a WordPress open source application plugin. WordPress Easy Social Icons plugin in...

6.1CVSS2.1AI score0.0236EPSS
Exploits2References1
CNVD
CNVD
added 2021/09/03 12:0 a.m.17 views

WordPress underConstruction cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress underConstruction plugin in version 1.18...

6.1CVSS1.6AI score0.02335EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/07 12:0 a.m.9 views

ZTE ZXIPTV Cross-Site Scripting Vulnerability

ZTE ZXIPTV is a set-top box from ZTE ZTE. A cross-site scripting vulnerability exists in ZTE ZXIPTV EASP version 5.06.04.09, which stems from the application's lack of validation of user input data and filtering of input data. The vulnerability can be exploited by an attacker to trick a user into...

6.1CVSS6.3AI score0.00581EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/07 12:0 a.m.21 views

JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-09231)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions of JetBrains YouTrack prior to 2021.2.17925, which stems from the lack of proper validation of client-side data in the web...

5.4CVSS3.3AI score0.0062EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/05 12:0 a.m.18 views

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2021-88200)

IBM API Connect is an integrated solution for managing the API lifecycle from IBM USA. The product supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect. The vulnerability stems from the lack of proper...

5.4CVSS5.2AI score0.00495EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/25 12:0 a.m.3 views

NCH Quorum 跨站脚本漏洞

NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which could be exploited by attackers to steal cookie-based authentication credentials from victims...

5.4CVSS5.2AI score0.00589EPSS
Exploits1References3
CNVD
CNVD
added 2021/07/20 12:0 a.m.27 views

WordPress W3 Total Cache plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...

6.1CVSS2.1AI score0.01905EPSS
Exploits2References1
CNVD
CNVD
added 2021/07/16 12:0 a.m.30 views

Advantech R-SeeNet Cross-Site Scripting Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.A cross-site scripting vulnerability exists in Advantech R-SeeNet, which stems from the lack ...

9.6CVSS2.7AI score0.63415EPSS
Exploits1References1
CNVD
CNVD
added 2021/07/07 12:0 a.m.23 views

Joomla! Cross-site scripting vulnerability (CNVD-2021-53938)

A cross-site scripting vulnerability exists in versions 3.0.0 to 3.9.27, which could be exploited to lure users into clicking on and executing client-side code to steal user cookie credentials...

6.1CVSS3.7AI score0.00842EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/04 12:0 a.m.10 views

Apache Ambari Cross-Site Scripting Vulnerability (CNVD-2021-14760)

Apache Ambari is an open source Apache application. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A cross-site scripting vulnerability exists in Apache Ambari 2.7.4, which stems from the input in the view is not effectively...

6.1CVSS6AI score0.02864EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/04 12:0 a.m.10 views

GLPI Cross-Site Scripting Vulnerability (CNVD-2021-17777)

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

6.8CVSS5.9AI score0.0065EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.7 views

Apache Ambari 跨站脚本漏洞

Apache Ambari is an open source Apache application. Provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A cross-site scripting vulnerability exists in Apache Ambari 2.7.4, which stems from the input in the view is not effectively...

6.1CVSS5.4AI score0.02864EPSS
Exploits0References3
CNVD
CNVD
added 2020/12/31 12:0 a.m.8 views

Twitter TwitterServer Cross-Site Scripting Vulnerability

Twitter TwitterServer is a Scala-based software for building Twitter servers. The software can be used to build a Twitter server through the template, in addition to the server can be managed, monitoring. A cross-site scripting vulnerability exists in Twitter TwitterServer versions prior to 20.12...

5.4CVSS5.2AI score0.87622EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.7 views

Twitter TwitterServer 跨站脚本漏洞

Twitter TwitterServer is a Scala-based software for building Twitter servers. The software can be used to build a Twitter server through the template, in addition to the server can be managed, monitoring. A cross-site scripting vulnerability exists in Twitter TwitterServer versions prior to 20.12...

5.4CVSS5.7AI score0.87622EPSS
Exploits0References4
Hacker One
Hacker One
added 2020/05/17 1:27 a.m.44 views

Starbucks: Singapore - Account Takeover via IDOR

ko2sec discovered that an alternate site shared database and cookie credentials with card.starbucks.com.sg. By exploiting an endpoint on the alternate site, ko2sec was able to copy a PHPSESSID cookie value from that site over to card.starbucks.com.sg and then see user information, update the...

2AI score
Exploits0
CNVD
CNVD
added 2020/04/28 12:0 a.m.2 views

Unspecified Vulnerability in Rukovoditel

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management , customer relationship management and other functions . A security vulnerability exists in Rukovoditel version 2.5.2, which stems from the program storing user...

5.3CVSS6.9AI score0.01103EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/07 12:0 a.m.63 views

Cisco Digital Network Architecture Center Cross-Site Scripting Vulnerability (CNVD-2020-04518)

Cisco Digital Network Architecture Center DNA Center is a set of digital network architecture solutions from the U.S. company Cisco Cisco. The program can extend and protect devices, applications, etc. within the network. A cross-site scripting vulnerability exists in Cisco Digital Network...

5.4CVSS6.3AI score0.0312EPSS
Exploits4References1
CNVD
CNVD
added 2019/10/15 12:0 a.m.0 views

Intelbras Router WRN150 Cross-Site Scripting Vulnerability

The Intelbras Router WRN150 is a wireless router from Intelbras Brazil. A cross-site scripting vulnerability exists in the Intelbras Router WRN150. An attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected site. This allows an attacker to steal...

6.8AI score
Exploits0References1
Rows per page
Query Builder