Lucene search
+L

2994 matches found

CNNVD
CNNVD
added 2021/11/05 12:0 a.m.6 views

Saad Irfan RemoteClinic 跨站脚本漏洞

Saad Irfan RemoteClinic is a Saad Irfan open source application. Provides the ability to remotely manage your clinic via the web. A security vulnerability exists in Saad Irfan RemoteClinic v2.0 that allows an attacker to perform code execution using multiple parameters. The affected parameters ar...

6.1CVSS6.7AI score0.01093EPSS
Exploits1References4
OSV
OSV
added 2021/09/01 3:15 p.m.0 views

CVE-2021-36063

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing th...

6.1CVSS7.1AI score0.0135EPSS
Exploits0References1
NVD
NVD
added 2021/09/01 3:15 p.m.18 views

CVE-2021-36027

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

6.5CVSS0.01405EPSS
Exploits0References1
Prion
Prion
added 2021/09/01 3:15 p.m.32 views

Cross site scripting

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s brows...

4.3CVSS6.1AI score0.01405EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2021/09/01 12:0 a.m.18 views

DRK Odenwaldkreis Testerfassung Cross-Site Scripting Vulnerability

DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and recording rapid test results for corona antigens.A cross-site scripting vulnerability exists in DRK Odenwaldkreis Testerfassung March-2021, which can be exploited by attackers to inject arbitrary web script or HTML via a...

6.1CVSS1.2AI score0.00937EPSS
Exploits1References1
OSV
OSV
added 2021/08/30 7:15 p.m.5 views

CVE-2021-35061

Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...

6.1CVSS5.8AI score0.00937EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/08/30 7:15 p.m.2 views

CVE-2021-35061

Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...

6.1CVSS6.4AI score0.00937EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/08/30 6:58 p.m.24 views

CVE-2021-35061

Multiple cross-site scripting XSS vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components...

6.2AI score0.00937EPSS
Exploits1References1
OSV
OSV
added 2021/08/24 6:15 p.m.3 views

CVE-2021-28628

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

6.1CVSS5.8AI score0.0104EPSS
Exploits0References1
NVD
NVD
added 2021/08/24 6:15 p.m.20 views

CVE-2021-28625

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

6.3CVSS0.0104EPSS
Exploits0References1
OSV
OSV
added 2021/08/24 6:15 p.m.1 views

CVE-2021-28625

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

6.1CVSS6.3AI score
Exploits0References1
Prion
Prion
added 2021/08/24 6:15 p.m.20 views

Cross site scripting

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

4.3CVSS6.1AI score0.0104EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/08/24 6:15 p.m.17 views

Cross site scripting

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by a Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser wh...

4.3CVSS6.1AI score0.0104EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/10 11:0 p.m.3 views

CVE-2021-36062

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...

6.1CVSS6.7AI score0.0135EPSS
Exploits0References2
Prion
Prion
added 2021/06/28 2:15 p.m.24 views

Cross site scripting

AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

4.3CVSS5.8AI score0.01816EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/06/28 1:56 p.m.31 views

CVE-2021-21084 Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution

AEM's Cloud Service offering, as well as versions 6.5.7.0 and below, 6.4.8.3 and below and 6.3.3.8 and below are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

7.3CVSS6.4AI score0.01816EPSS
Exploits0References1
Prion
Prion
added 2021/06/01 2:15 p.m.14 views

Input validation

The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to...

3.5CVSS5AI score0.00698EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2021/05/06 1:15 p.m.13 views

CVE-2021-24250

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...

5.4CVSS0.00645EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/05/05 6:39 p.m.20 views

CVE-2021-24250 Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin...

5.6AI score0.00645EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/04/12 12:0 a.m.19 views

Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting

The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. PoC Log on as an admin, create or edit a Form Field wp-admin/admin.php?page=wpbdpadminformfields and set the Field Label...

3.5CVSS0.9AI score0.00645EPSS
Exploits2Affected Software1
Rows per page
Query Builder