Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2022/09/01 1:15 p.m.2 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4CVSS5.7AI score0.00668EPSS
Exploits1References5
NVD
NVD
added 2021/08/30 7:15 p.m.26 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4CVSS0.00468EPSS
Exploits0References1
OSV
OSV
added 2021/08/30 7:15 p.m.4 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4CVSS5.8AI score0.00468EPSS
Exploits0References1
Prion
Prion
added 2021/08/30 7:15 p.m.20 views

Cross site scripting

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

3.5CVSS5.2AI score0.00468EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/08/30 6:6 p.m.33 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting XSS vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4AI score0.00468EPSS
Exploits0References1
PyPA
PyPA
added 2021/04/27 10:15 a.m.6 views

PYSEC-2021-128

Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click...

6.1CVSS6.8AI score0.63768EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder