Lucene search
K

1091 matches found

Prion
Prion
added 2010/05/27 7:0 p.m.23 views

Cross site scripting

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

4CVSS6.3AI score0.02118EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.37 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements via vectors that...

5.9AI score0.02118EPSS
Exploits1References2
Cvelist
Cvelist
added 2010/05/27 6:32 p.m.26 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

5.9AI score0.01502EPSS
Exploits2References2
CVE
CVE
added 2010/05/27 6:32 p.m.93 views

CVE-2010-2086

Affected software: Apache MyFaces 1.1.7 and 1.2.8 (as used in IBM WebSphere Application Server and other apps). Vulnerability : Unencrypted view state handling allows remote attackers to perform cross-site scripting (XSS) or execute arbitrary EL statements by modifying the serialized view object....

4CVSS6AI score0.02118EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2010/05/27 6:32 p.m.28 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting XSS attacks or execute arbitrary Expression Language EL statements v...

4.3CVSS5.8AI score0.01502EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2010/02/23 8:20 p.m.5 views

MyFaces: XSS via state view

JBoss Enterprise Web Server 1.0.0 ships with Apache MyFaces 1.1.0. Apache MyFaces 1.1.0 does not support encrypted view state. When the application's view state is not encrypted, it is possible for an attacker to supply a new or modified view object as part of a request. This allows remote...

4CVSS5.9AI score0.02118EPSS
Exploits1References4
OSV
OSV
added 2009/04/09 3:8 p.m.3 views

DEBIAN-CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

6.8CVSS5.8AI score0.02811EPSS
Exploits0References1
OSV
OSV
added 2009/04/09 3:8 p.m.7 views

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

5.6AI score
Exploits0References3
Prion
Prion
added 2009/04/09 3:8 p.m.18 views

Cross site scripting

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...

6.8CVSS6AI score0.02811EPSS
Exploits0References3Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.35 views

CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

8.8CVSS8.9AI score0.01914EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.33 views

CVE-2020-15146: Remote Code Execution in OptionsParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

9.6CVSS9.3AI score0.02149EPSS
Exploits1Affected Software1
Rows per page
Query Builder