Lucene search
K

229 matches found

Wired Threat Level
Wired Threat Level
added 2023/05/11 4:11 a.m.18 views

Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

The social network’s new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month...

7AI score
Exploits0
NVD
NVD
added 2023/02/07 10:15 p.m.18 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

5.4CVSS5.3AI score0.00582EPSS
Exploits2References1
Prion
Prion
added 2023/02/07 10:15 p.m.18 views

Design/Logic Flaw

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

4.9CVSS5.2AI score0.00582EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/02/07 9:47 p.m.46 views

CVE-2022-47419

CVE-2022-47419 affects Mayan EDMS DMS with a reflected XSS in the in-product tagging system. The CVSS 3.1 base score is 5.4 (MEDIUM) with network attack vector, low attack complexity, require low privileges and user interaction. Exploitation observed per GHSA-5M6V-2XGF-QHRW and OSV details; no au...

5.4CVSS5.2AI score0.00582EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/07 9:37 p.m.5 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

6AI score0.00582EPSS
Exploits2References1
CVE
CVE
added 2023/02/07 9:37 p.m.55 views

CVE-2022-47413

Technical details about CVE-2022-47413 are not provided in the supplied documents; no affected products or fixes are listed here. Monitor for updates.

5.4CVSS5.2AI score0.00582EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/07 9:37 p.m.23 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

5.4AI score0.00582EPSS
Exploits2References1
OSV
OSV
added 2023/02/07 9:37 p.m.18 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

5.4CVSS5.2AI score0.00582EPSS
Exploits2References3
OSV
OSV
added 2023/02/07 8:15 p.m.4 views

CVE-2022-47412

Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition...

5.4CVSS5.7AI score0.00582EPSS
Exploits1References2
NVD
NVD
added 2023/02/07 8:15 p.m.16 views

CVE-2022-47412

Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored persistent, or "Type II" cross-site scripting XSS condition...

5.4CVSS5.2AI score0.00582EPSS
Exploits1References2
CVE
CVE
added 2023/02/07 7:16 p.m.84 views

CVE-2022-47412

Technical details about CVE-2022-47412 are not publicly provided in the connected documents. Monitor for updates.

5.4CVSS5.2AI score0.00582EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.8 views

Ascensio System ONLYOFFICE 跨站脚本漏洞

Ascensio System ONLYOFFICE is an office software from Ascensio System, Latvia. A security vulnerability exists in Ascensio System ONLYOFFICE Workspace DMS. An attacker could exploit this vulnerability to conduct cross-site scripting attacks...

5.4CVSS5.7AI score0.00582EPSS
Exploits1References3
Prion
Prion
added 2023/02/03 10:15 p.m.14 views

Design/Logic Flaw

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

5CVSS7.6AI score0.00693EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/02/03 9:7 p.m.59 views

CVE-2023-22746

CVE-2023-22746 affects CKAN Docker-based deployments where a default, shared secret key is used across multiple instances unless overridden in the container’s .env. The vulnerability allows forging authentication requests between CKAN instances when the default secret key is not customized. Affec...

8.6CVSS7.9AI score0.00693EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/12/14 3:15 p.m.7 views

CVE-2022-4495

A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated...

6.1CVSS3.5AI score0.00492EPSS
Exploits0References4
PyPA
PyPA
added 2022/12/14 3:15 p.m.8 views

PYSEC-2022-42989

A vulnerability, which was classified as problematic, has been found in collective.dms.basecontent up to 1.6. This issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py. The manipulation leads to cross site scripting. The attack may be initiated...

6.1CVSS6AI score0.00492EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/14 12:0 a.m.3 views

collective.dms.basecontent 跨站脚本漏洞

collective.dms.basecontent is Collective open source a document management system for the basic content class . collective.dms.basecontent version 1.7 suffers from a cross-site scripting vulnerability. Attackers use this vulnerability to execute cross-site scripting attacks...

6.1CVSS5AI score0.00492EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.4 views

PT-2022-27349 · Unknown · Collective.Dms.Basecontent

Name of the Vulnerable Software and Affected Versions: collective.dms.basecontent versions up to 1.6 Description: The issue affects the function renderCell of the file src/collective/dms/basecontent/browser/column.py, leading to cross site scripting. The attack may be initiated remotely...

6.1CVSS4.3AI score0.00492EPSS
Exploits0References12
ICS
ICS
added 2022/10/11 12:0 a.m.47 views

Siemens Desigo CC and Cerberus DMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Desigo CC and Cerberus DMS Vulnerability: Use of Client-Side Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to impersonate...

9.8CVSS10AI score0.01174EPSS
Exploits0References11
OSV
OSV
added 2022/06/21 1:15 p.m.3 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8CVSS5.7AI score0.01174EPSS
Exploits0References2
Rows per page
Query Builder