Lucene search
K

233 matches found

CNVD
CNVD
added 2022/04/21 12:0 a.m.20 views

Veritas NetBackup Cross-Site Scripting Vulnerability

Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup OpsCenter Analytics version 9.1 is vulnerable to a cross-site scripting vulnerability caused by a failure to effectively escape and filter the...

3.5CVSS5.5AI score0.00438EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/04/18 6:15 p.m.33 views

CVE-2022-0994

The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.0275EPSS
Exploits4References1
CNVD
CNVD
added 2022/03/18 12:0 a.m.33 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21218)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. The software supports scanning configuration environments for errors, vulnerabilities, malware, etc. Rapid7 Nexpose 6.6.129 and previous versions have a securi...

6.1CVSS3.1AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/02/28 9:7 a.m.21 views

CVE-2022-23987 WS Form < 1.8.176 - Admin+ Stored Cross-Site Scripting

The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanitise and escape their Form Name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00588EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/02/28 9:6 a.m.30 views

CVE-2021-24898 EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting

The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00588EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/02/21 12:0 a.m.14 views

SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Request or Destination settings of the plugin: "...

4.8CVSS3.3AI score0.00588EPSS
Exploits2Affected Software1
Veracode
Veracode
added 2022/01/20 4:41 a.m.20 views

Cross-Site Scripting (XSS)

orchardcore is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser...

5.4CVSS5.3AI score0.00642EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/06 8:50 a.m.8 views

CVE-2021-36739 XSS vulnerability in the MVCBean JSP portlet maven archetype

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...

5.9AI score0.02327EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/23 12:0 a.m.15 views

Unspecified Vulnerability in BlogCMS

BlogCMS is a PHP and MySQL based blogging system by the individual developer Pramod Mahato in India. A security vulnerability exists in BlogCMS v1.0, which originates from the /controller/CommentAdminController.java component. The vulnerability can be exploited by an attacker to perform cross-sit...

6.1CVSS6AI score0.00652EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.15 views

Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payload in the Data ID setting of the plugin...

4.8CVSS2.2AI score0.05063EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/11/09 12:0 a.m.23 views

Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks PoC As a contributor, create a custom field in a post, with the following payload: Then add the following shortcode to the...

5.4CVSS5.1AI score0.00684EPSS
Exploits2Affected Software1
Prion
Prion
added 2021/11/08 6:15 p.m.20 views

Cross site scripting

The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00654EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.13 views

Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. PoC...

5.4CVSS2.5AI score0.00629EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/20 12:0 a.m.24 views

LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltredhtml capability is disallowed PoC When adding new courses, the following fields can have XSS payloads like "...

4.8CVSS1.9AI score0.00661EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.20 views

Post Views Counter < 1.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Post Views Label settings of the plugin...

4.8CVSS1.4AI score0.00617EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2021/04/09 12:0 a.m.10 views

Nagios Network Analyzer Self-XSS Vulnerability

Nagios Network Analyzer is a network data flow analyzer that provides a view of all network traffic and bandwidth utilization. A Self-XSS vulnerability exists in Nagios Network Analyzer versions prior to 2.4.2. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via...

6.1CVSS6AI score0.09246EPSS
Exploits1References1
NVD
NVD
added 2021/03/24 4:15 p.m.25 views

CVE-2020-36283

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver Ethernet Emulation Mode. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker...

9.6CVSS0.00727EPSS
Exploits0References2
Prion
Prion
added 2020/09/11 5:15 p.m.19 views

Cross site scripting

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

4.9CVSS6.1AI score0.01772EPSS
Exploits1References1Affected Software3
Prion
Prion
added 2020/08/17 7:15 p.m.17 views

Cross site scripting

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The...

5.5CVSS5.1AI score0.01841EPSS
Exploits0References1Affected Software2
Microsoft CVE
Microsoft CVE
added 2020/04/14 7:0 a.m.33 views

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability

A cross site scripting vulnerability exists when Microsoft Dynamics 365 on-premises does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics...

6.1CVSS1.1AI score0.01791EPSS
Exploits0
Rows per page
Query Builder