Lucene search
K

53 matches found

Circl
Circl
added 2024/01/31 8:1 a.m.5 views

CVE-2019-8822

creationtimestamp| type| source ---|---|--- 2024-01-31 08:01:48+00:00| seen| https://t.me/ctinow/176531 2024-01-31 09:41:57+00:00| seen| https://t.me/ctinow/176592 2024-01-31 10:36:48+00:00| seen| https://t.me/ctinow/176628 2024-01-31 16:42:00+00:00| seen| https://t.me/ctinow/176867 2024-01-31...

8.8CVSS6.1AI score0.02067EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/01/16 12:0 a.m.25 views

CVE-2024-22628

Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expensebudget/admin/?page=reports/budget&datestart=2023-12-28&dateend=...

7.7AI score0.00626EPSS
Exploits1References1
NVD
NVD
added 2024/01/12 5:15 a.m.23 views

CVE-2024-23174

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder,...

5.4CVSS5.3AI score0.00406EPSS
Exploits1References2
Circl
Circl
added 2024/01/03 11:26 a.m.6 views

CVE-2024-0201

creationtimestamp| type| source ---|---|--- 2024-01-03 11:26:12+00:00| seen| https://t.me/ctinow/162314 2024-01-04 01:35:29+00:00| seen| https://t.me/cibsecurity/74315 2024-01-23 14:56:39+00:00| seen| https://t.me/ctinow/172003...

5.4CVSS6.2AI score0.00392EPSS
Exploits0References3
Circl
Circl
added 2023/12/31 12:26 p.m.8 views

CVE-2023-52180

creationtimestamp| type| source ---|---|--- 2023-12-31 12:26:29+00:00| seen| https://t.me/ctinow/161069 2024-01-01 01:31:44+00:00| seen| https://t.me/cibsecurity/74064 2024-01-22 10:11:23+00:00| seen| https://t.me/ctinow/171068...

8.1CVSS7.3AI score0.00487EPSS
Exploits0References3
Circl
Circl
added 2023/12/26 7:27 p.m.4 views

CVE-2023-51094

creationtimestamp| type| source ---|---|--- 2023-12-26 19:27:11+00:00| seen| https://t.me/ctinow/159407 2023-12-30 08:16:27+00:00| seen| https://t.me/ctinow/160796 2024-01-19 13:11:54+00:00| seen| https://t.me/ctinow/170183...

9.8CVSS7.3AI score0.0105EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.5 views

PT-2023-18905 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore version 10.5.19 Description: A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules, specifically in the From and To fields of the Date Range section. This allows an attacker to inject...

4.8CVSS4.6AI score0.00356EPSS
Exploits1References11
Huntr
Huntr
added 2023/03/27 6:15 a.m.12 views

XSS in Conditions tab of Pricing Rules

Description While testing the pimcore application, I found that it is vulnerable to XSS vulnerability in Conditions tab of Pricing Rules, specifically at From and To fields of Date Range section. Proof of Concept 1.Go to https://11.x-dev.pimcore.fun/admin/ then login. 2.On the left menu bar, go t...

6AI score0.00356EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2023/02/21 3:30 p.m.23 views

Baremetrics date range picker vulnerable to Cross-site Scripting

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1CVSS5.7AI score0.00533EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/02/21 3:30 p.m.3 views

GHSA-465F-MXXH-GRC4 Baremetrics date range picker vulnerable to Cross-site Scripting

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1CVSS6.3AI score0.00533EPSS
Exploits1References4
OSV
OSV
added 2023/02/21 3:15 p.m.18 views

CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1CVSS6AI score
Exploits0References2
NVD
NVD
added 2023/02/21 3:15 p.m.19 views

CVE-2021-32859

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1CVSS6AI score0.00533EPSS
Exploits1References2
Prion
Prion
added 2023/02/21 3:15 p.m.10 views

Cross site scripting

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

5.8CVSS5.9AI score0.00533EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/20 12:0 a.m.7 views

PT-2023-12191 · Baremetrics · Baremetrics Date Range Picker

Name of the Vulnerable Software and Affected Versions: Baremetrics date range picker versions 1.0.14 and prior Description: The issue is related to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who can influence the placeholder field when creating a Calendar...

6.1CVSS5.8AI score0.00533EPSS
Exploits1References7
CVE
CVE
added 2023/02/20 12:0 a.m.42 views

CVE-2021-32859

CVE-2021-32859 affects the Baremetrics date range picker (Calendar) up to version 1.0.14. The vulnerability arises from improper handling of untrusted placeholder values in Calendar.js, allowing an attacker to inject arbitrary HTML/JavaScript that renders in a user’s context (XSS). The connected ...

6.1CVSS6AI score0.00533EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/20 12:0 a.m.31 views

CVE-2021-32859 Baremetrics date range picker vulnerable to Cross-site Scripting

The Baremetrics date range picker is a solution for selecting both date ranges and single dates from a single calender view. Versions 1.0.14 and prior are prone to cross-site scripting XSS when handling untrusted placeholder entries. An attacker who is able to influence the field placeholder when...

6.1CVSS6.1AI score0.00533EPSS
Exploits1References2
Hacker One
Hacker One
added 2023/02/16 11:11 p.m.20 views

8x8 Bounty: connect.8x8.com: Too much resource consumption of the server due to incorrect date range control via /api/v1/reports?dateFrom=

The server of connect.8x8.com was vulnerable to excessive resource consumption due to incorrect date range control via the /api/v1/reports endpoint. Attackers could cause the server to crash by repeatedly increasing the date range, potentially leading to a DoS attack. The vulnerability has since...

7AI score
Exploits0
Circl
Circl
added 2021/12/10 4:0 a.m.7 views

CVE-2021-45046

creationtimestamp| type| source ---|---|--- 2021-12-10 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=700 2021-12-14 22:14:54+00:00| exploited| https://t.me/cibsecurity/33979 2021-12-15 05:50:40+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/1081 2021-12-15...

9CVSS6.9AI score0.99977EPSS
Exploits40References83
OSV
OSV
added 2021/11/05 3:15 p.m.4 views

CVE-2021-39411

Multiple Cross Site Scripting XSS vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the 1 searchdata parameter in a doctor/search.php and b admin/patient-search.php, and the 2 fromdate and 3 todate parameters in admin/betweendates-detailsreports.php...

6.1CVSS5.8AI score0.0089EPSS
Exploits0References1
NVD
NVD
added 2021/02/23 11:15 p.m.29 views

CVE-2021-20252

A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform preventive handling on user-requested date ranges in certain queries allowing a malicious authenticated user to submit a request with a sufficiently large date range to eventually yield an internal...

6.8CVSS0.00972EPSS
Exploits0References1
Rows per page
Query Builder