Lucene search
K

10 matches found

EUVD
EUVD
added 2026/04/21 9:31 p.m.7 views

EUVD-2026-24239

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

5.1CVSS5.8AI score0.00379EPSS
Exploits0References5
ICS
ICS
added 2026/04/07 8:51 p.m.8 views

IBM Maximo Application Suite Sensitive Tokens without 'Secure' Attribute

RISK EVALUATION IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. An unauthenticated attacker can steal cookies by directing users to a malicious http:// link and snooping user traffic. 2. RECOMMENDED PRACTICES...

4.3CVSS5.9AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 5:2 p.m.4 views

CVE-2026-34767

A flaw was found in Electron, a framework used for developing cross-platform desktop applications. This vulnerability, known as HTTP response header injection, occurs when an application reflects attacker-controlled input into a response header. A remote attacker could exploit this to inject...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2025/09/19 1:13 p.m.5 views

OESA-2025-2319 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl contains an out-of-bounds read vulnerability in cookie path comparison logic. When a secure cookie is set via HTTPS and then the client is...

7.5CVSS7AI score0.01301EPSS
Exploits1References2
OSV
OSV
added 2024/06/12 7:43 p.m.2 views

GHSA-HJX6-F647-MVF9 Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components

Impact We have identified a Cross-Site Scripting XSS vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...

6.3CVSS5.8AI score
Exploits0References6
OSV
OSV
added 2021/03/26 8:15 p.m.1 views

DEBIAN-CVE-2021-21332

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The...

8.2CVSS6.1AI score0.01221EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/26 12:0 a.m.2 views

Stored Cross-site Scripting Vulnerability in the Frontend of Guojiz Web Site Navigation System

Guojiz website navigation system is a navigation website source code developed by PHP+MySQL. A stored cross-site scripting vulnerability exists in the frontend of the Guojiz web navigation system. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2015/08/12 5:4 a.m.3 views

foreman: the _session_id cookie is issued without the Secure flag

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie...

5CVSS5.7AI score0.02222EPSS
Exploits0References4
securityvulns
securityvulns
added 2003/11/13 12:0 a.m.59 views

Corsaire Security Advisory: PeopleSoft IScript XSS issue

-- Corsaire Security Advisory -- Title: PeopleSoft IScript XSS issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Glyn Geoghegan [email protected] Audience: General distribution Reference: c030704-004 -- Scope -- The aim of this document is to...

4.3CVSS0.5AI score0.00948EPSS
Exploits0
NVD
NVD
added 2003/02/19 5:0 a.m.22 views

CVE-2002-1160

The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...

7.2CVSS6.5AI score0.00431EPSS
Exploits0References9
Rows per page
Query Builder