Lucene search
K

3612 matches found

RedhatCVE
RedhatCVE
added 2023/08/07 5:49 a.m.52 views

CVE-2023-3978

A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security...

6.1CVSS6.4AI score0.00843EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.5 views

HCL Technologies BigFix Mobile 跨站脚本漏洞

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. A cross-site scripting vulnerability exists i...

6.6CVSS6.3AI score0.00217EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/07/04 5:17 a.m.13 views

CVE-2023-35146

A flaw was found in the Jenkins Template Workflows Plugin, where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. This flaw allows a remote, authenticated attacker to inject malicious script into a Web page, which would be executed in a victim's W...

8CVSS6.4AI score0.00752EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/06 2:15 a.m.5 views

CVE-2023-2546

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. This is due to incorrect authentication checking in the 'wpusallowusertoadminbarmenu' function with the 'wpuswhoswitch' cookie value. This makes it possible for authenticated...

8.8CVSS7.2AI score0.01357EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 1:43 p.m.93 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management (CVE-2022-28367, CVE-2022-29577)

Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Asset Management . Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading Style Sheets CSS content. A remote...

6.1CVSS6.6AI score0.01239EPSS
Exploits0Affected Software11
0day.today
0day.today
added 2023/03/27 12:0 a.m.244 views

Raspberry Pi Camera Server 1.0 Authentication Bypass Vulnerability

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04 CVE :...

9.8CVSS9.4AI score0.49201EPSS
Exploits3
Exploit DB
Exploit DB
added 2023/03/25 12:0 a.m.187 views

"camp" Raspberry Pi camera server 1.0 - Authentication Bypass

Exploit Title: "camp" Raspberry Pi camera server 1.0 - Authentication Bypass Date: 2022-07-25 Exploit Author: Elias Hohl Vendor Homepage: https://github.com/patrickfuller Software Link: https://github.com/patrickfuller/camp Version: bf6af5c2e5cf713e4050c11c52dd4c55e89880b1 Tested on: Ubuntu 20.04...

9.8CVSS9.7AI score0.49201EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/24 9:7 p.m.78 views

Security Bulletin: There are several vulnerabilities in AntiSamy used by BM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-28367, CVE-2022-29577)

Summary There are several vulnerabilities in AntiSamy used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-28367 DESCRIPTION: AntiSamy is vulnerable to cross-site scripting, caused by improper validation of user-supplied input for Cascading...

6.1CVSS6.6AI score0.01239EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/01/17 12:0 a.m.5 views

Bricco Authenticator Plugin SQL注入漏洞

Bricco Authenticator Plugin is an open source Escenic plugin from Bricco that provides cookie-based authentication for publishing. Bricco Authenticator Plugin suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause sql injection...

9.8CVSS6.8AI score0.00681EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/12 9:59 p.m.36 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat (CVE-2022-34305)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in Apache Tomcat, which risks exposure of cookie-based authentication credentials. CVE-2022-34305. Apache Tomcat is used as a component in some of our TTS speech service images. Please re...

6.1CVSS6AI score0.06156EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/10/31 12:0 a.m.13 views

Password Storage Application Cross-Site Scripting Vulnerability

Password Storage Application is a password storage application. A cross-site scripting vulnerability exists in the Carlo Montero Password Storage Application, which stems from a lack of effective filtering and escaping of user-supplied data on the settings page, and can be exploited by an attacke...

5.4CVSS6.4AI score0.00591EPSS
Exploits1References1
Prion
Prion
added 2022/09/29 3:15 a.m.12 views

Cross site scripting

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPPTEMPLATEFLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security...

5.8CVSS7.1AI score0.00931EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/22 3:2 a.m.20 views

Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2016-0399)

Summary IBM Maximo Asset Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the a specially-crafted URL to execute script in a victim's Web browser within the security context of the...

5.4CVSS5.5AI score0.00622EPSS
Exploits0Affected Software14
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.59 views

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting XSS Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2022/09/02 12:0 a.m.90 views

WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Testimonial Slider and Showcase 2.2.6 - Stored Cross-Site Scripting XSS Date: 05/08/2022 Exploit Author: saitamang , yunaranyancat , syad Vendor Homepage: https://wordpress.org Software Link: https://wordpress.org/plugins/testimonial-slider-and-showcase/ Version:...

7.4AI score
Exploits0
Prion
Prion
added 2022/08/29 4:15 p.m.20 views

Cross site scripting

HCL iNotes is susceptible to a Reflected Cross-site Scripting XSS vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser with...

5.8CVSS6.2AI score0.00553EPSS
Exploits0References1Affected Software2
Kitploit
Kitploit
added 2022/06/24 9:30 p.m.40 views

Authcov - Web App Authorisation Coverage Scanning

Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as a pre-defined user. It intercepts and logs API requests as well as pages loaded during the crawling phase. In the next phase it logs in under a different us...

7.2AI score
Exploits0References5
CNVD
CNVD
added 2022/04/26 12:0 a.m.24 views

ASUS RT-AX88U Cross-Site Scripting Vulnerability

ASUS RT-AX88U is a wireless router from ASUS China.The ASUS RT-AX88U has a security vulnerability that could be exploited by attackers to steal a victim's cookie-based authentication credentials...

5.4CVSS3.6AI score0.00554EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2022/01/13 12:0 a.m.288 views

SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)

Exploit Title: SalonERP 3.0.1 - 'sql' SQL Injection Authenticated Exploit Author: Betul Denizler Vendor Homepage: https://salonerp.sourceforge.io/ Software Link: https://sourceforge.net/projects/salonerp/files/latest/download Version: SalonERP v3.0.1 Tested on: Ubuntu Mate 20.04 Vulnerable...

7.4AI score
Exploits0
Prion
Prion
added 2022/01/06 9:15 p.m.16 views

Input validation

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

4.3CVSS6.2AI score0.00852EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder