Lucene search
K

27 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-21454

Malware in sbrugna...

6.1CVSS6.3AI score0.007EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.8 views

CVE-2021-20843

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...

5.4CVSS6.7AI score0.00671EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 7 : rest (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data...

7.5CVSS7.1AI score0.04913EPSS
Exploits0References4
OSV
OSV
added 2022/08/30 9:26 a.m.5 views

USN-5585-1 jupyter-notebook vulnerabilities

It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...

7.5CVSS6.5AI score0.01741EPSS
Exploits1References9
OSV
OSV
added 2022/05/17 2:49 a.m.42 views

GHSA-9XFC-J5MF-9W5P JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion XSSI attack...

6.1CVSS6.1AI score0.01315EPSS
Exploits0References3
CVE
CVE
added 2021/11/24 8:25 a.m.53 views

CVE-2021-20843

The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...

5.4CVSS5.2AI score0.00671EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/10/13 9:15 a.m.18 views

CVE-2021-20797

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

5.4CVSS0.00588EPSS
Exploits0References2
Prion
Prion
added 2021/10/13 9:15 a.m.16 views

Cross site scripting

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

3.5CVSS5.8AI score0.00588EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/10/13 8:30 a.m.59 views

CVE-2021-20797

CVE-2021-20797 is a cross-site script inclusion vulnerability in the Cybozu Remote Service management UI (CWE-829) affecting Cybozu Remote Service versions around 3.1.8 (and 3.1.9 per related documentation). The issue allows a remote authenticated attacker to obtain information stored in the prod...

5.4CVSS5.8AI score0.00588EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/10/13 8:30 a.m.17 views

CVE-2021-20797

Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...

6.2AI score0.00588EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/09/30 12:0 a.m.78 views

JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...

8.8CVSS7AI score0.01468EPSS
Exploits0
Amazon
Amazon
added 2021/01/07 12:0 a.m.89 views

Important: thunderbird

Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...

9.3CVSS9.1AI score0.0245EPSS
Exploits1
Prion
Prion
added 2020/12/09 1:15 a.m.13 views

Design/Logic Flaw

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

4.3CVSS6.1AI score0.01307EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
added 2020/12/09 12:22 a.m.15 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.7AI score0.01307EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2020/12/09 12:22 a.m.35 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7.6AI score0.01307EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/12/09 12:22 a.m.36 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS6.9AI score0.01307EPSS
Exploits0
OSV
OSV
added 2020/11/25 3:15 a.m.6 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

6.1CVSS6.3AI score0.007EPSS
Exploits1References2
Prion
Prion
added 2020/11/25 3:15 a.m.18 views

Cross site scripting

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

4.3CVSS6AI score0.007EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/11/25 2:47 a.m.21 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

6.1AI score0.007EPSS
Exploits1References2
CVE
CVE
added 2020/11/25 2:47 a.m.76 views

CVE-2020-29072

LiquidFiles versions prior to 3.3.19 have a Cross-Site Script Inclusion vulnerability in client-side code. Exploitation requires user interaction (opening a link) and could lead to leakage of encrypted e-mail content via messages/sent?format=js and popup?format=js. Affected product: LiquidFiles p...

6.1CVSS6AI score0.007EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder