Lucene search
K

8 matches found

Veracode
Veracode
added 2019/05/02 4:54 a.m.35 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

6.5CVSS7.8AI score0.10893EPSS
Exploits5References18Affected Software3
Veracode
Veracode
added 2018/11/08 2:32 a.m.13 views

Cross-site Scripting (XSS)

simplemde is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the values of img and label, allowing XSS attacks...

6.1CVSS5.5AI score0.00788EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2018/08/30 8:37 a.m.9 views

Cross-site Scripting (XSS)

EWSoftware.SHFB is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize parameters passed through the URL, allowing a malicious user to inject and execute arbitrary Javascript...

6.1AI score
Exploits0
Prion
Prion
added 2015/01/02 8:59 p.m.15 views

Sql injection

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting XSS attacks by creating a file that generates an error...

7.5CVSS7.3AI score0.01284EPSS
Exploits9References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/05/22 12:0 a.m.23 views

Ubuntu 14.04 LTS : lxml vulnerability (USN-2217-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2217-1 advisory. It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site...

6.1CVSS5.9AI score0.06333EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2013/12/13 6:0 p.m.39 views

CVE-2013-4568

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...

4.3CVSS5.9AI score0.02098EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/10/19 12:0 a.m.37 views

Mandrake Security Advisory MDVSA-2009:265 (egroupware)

The remote host is missing an update to egroupware announced via advisory MDVSA-2009:265. OpenVAS Vulnerability Test $Id: mdksa2009265.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:265 egroupware Authors: Thomas Reinke Copyright: Copyright c 2009...

4.3CVSS0.9AI score0.10503EPSS
Exploits3
NVD
NVD
added 2006/09/27 11:7 p.m.19 views

CVE-2006-5037

MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sqcontentsrc parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting XSS attacks. NOTE: the researcher reports that "The vendor...

6.8CVSS5.8AI score0.01251EPSS
Exploits0References4
Rows per page
Query Builder