Lucene search
+L

2993 matches found

Vulnrichment
Vulnrichment
added 2023/01/09 10:13 p.m.9 views

CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7AI score0.0047EPSS
Exploits2References1
NVD
NVD
added 2022/10/17 4:15 p.m.30 views

CVE-2019-14840

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...

7.5CVSS0.00675EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/10/17 12:0 a.m.35 views

CVE-2019-14840

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials...

7.3AI score0.00675EPSS
Exploits1References2
CVE
CVE
added 2022/10/17 12:0 a.m.59 views

CVE-2019-14840

The CVE-2019-14840 entry concerns Red Hat Decision Manager (RHDM). A flaw allows sensitive HTML form fields (e.g., password) to have auto-complete enabled, potentially leaking credentials. Documented impact is confidentiality loss (C:H) with no impact to integrity/availability, and CVSS v3.1 base...

7.5CVSS7.2AI score0.00675EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/10/13 11:15 p.m.3 views

CVE-2022-34021

Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...

5.4CVSS5.8AI score0.00443EPSS
Exploits1References1
NVD
NVD
added 2022/10/13 11:15 p.m.17 views

CVE-2022-34021

Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...

5.4CVSS0.00443EPSS
Exploits1References1
Prion
Prion
added 2022/10/13 11:15 p.m.22 views

Cross site scripting

Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...

4.9CVSS5.4AI score0.00443EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/13 12:0 a.m.21 views

CVE-2022-34021

Multiple Cross Site Scripting XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields...

5.7AI score0.00443EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/10/13 12:0 a.m.5 views

Ublsoftware ResIOT 跨站脚本漏洞

Ublsoftware ResIOT is a web server and IoT platform from Italian company ResIOT. A security vulnerability exists in Ublsoftware ResIOT versions prior to 4.1.1000114, which stems from an attacker being able to implement multiple cross-site scripts via form fields...

5.4CVSS5.5AI score0.00443EPSS
Exploits1References2
OSV
OSV
added 2022/08/17 12:0 a.m.20 views

GHSA-5M55-G8PV-X8WW Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

5.5CVSS4.7AI score0.68332EPSS
Exploits0References6
OSV
OSV
added 2022/08/17 12:0 a.m.43 views

GHSA-RG7P-WMGJ-F374 Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

6.1CVSS5.6AI score0.00852EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/08/17 12:0 a.m.28 views

Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker with admin privileges to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

4.8CVSS5.3AI score0.68332EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/17 12:0 a.m.25 views

Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

6.1CVSS5.3AI score0.00852EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2022/08/16 9:15 p.m.24 views

Cross site scripting

Adobe Commerce versions 2.4.3-p2 and earlier, 2.3.7-p3 and earlier and 2.4.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s...

5.8CVSS5.8AI score0.00852EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.4 views

PT-2022-4385 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could allow an...

6.4CVSS6.2AI score0.00852EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2022/06/21 12:0 a.m.5 views

PT-2022-4399 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier Adobe Commerce versions 2.3.7-p3 and earlier Adobe Commerce versions 2.4.4 and earlier Description: The issue is related to the lack of protection of the web page structure, which can be exploited ...

5.5CVSS5.6AI score0.68332EPSS
Exploits0References13
OSV
OSV
added 2022/06/10 4:15 p.m.3 views

CVE-2022-30611

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page whic...

5.4CVSS6AI score0.00618EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/08 10:15 a.m.5 views

CVE-2022-1569

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References2
NVD
NVD
added 2022/06/08 10:15 a.m.20 views

CVE-2022-1569

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

4.8CVSS0.00565EPSS
Exploits2References1
Prion
Prion
added 2022/06/08 10:15 a.m.17 views

Cross site scripting

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks...

3.5CVSS4.8AI score0.00565EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder