Lucene search
+L

2994 matches found

Packet Storm
Packet Storm
added 2021/04/01 12:0 a.m.407 views

School Registration And Fee System 1.0 Cross Site Scripting

Exploit Title: School Registration and Fee System | Multiple Stored Cross Site Scripting Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2021/03/22 12:0 a.m.7 views

Red Hat Descision Manager 7 安全漏洞

Red Hat Descision Manager 7 is an application system from Red Hat, Inc. It provides a powerful, scalable, open source business rules management system that also includes business resource optimization and complex event processing CEP technologies. A security vulnerability exists in Red Hat...

7.5CVSS6AI score0.00675EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.9 views

Adobe InDesign 跨站脚本漏洞

Adobe Acs-aem-commons is a Java-based codebase for AEM/CQ code collections generated according to AEM by Adobe in the United States. A security vulnerability exists in Adobe ACS Commons that stems from a failure to properly handle invalid JCR characters, which can be exploited by an attacker to...

6.1CVSS7AI score0.03337EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/01/22 7:48 a.m.14 views

Acronis: Cross Site Scripting (Reflected) on https://www.acronis.cz/

Summary You can post javascript and html code in form fields steps : 1-go to vulnerability link : https://www.acronis.cz/poptavka-acronis/ 2- enter this javascript code "alert1; in form field for xss and enter Test for html injection. Impact Impact 1- Cookie stealing 2- Pishing attacks 3- URL...

7AI score
Exploits0
Hacker One
Hacker One
added 2021/01/19 5:1 p.m.8 views

Acronis: Cross Site Scripting (Reflected) on https://www.acronis.cz/dotaznik/roadshow-2020/

Vulnerability description not provided...

7.1AI score
Exploits0
OSV
OSV
added 2020/12/10 6:15 a.m.5 views

CVE-2020-24445

AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

9CVSS7.2AI score0.02535EPSS
Exploits0References1
NVD
NVD
added 2020/12/10 6:15 a.m.25 views

CVE-2020-24445

AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

9CVSS7.9AI score0.02535EPSS
Exploits0References1
Prion
Prion
added 2020/12/10 6:15 a.m.23 views

Cross site scripting

AEM's Cloud Service offering, as well as version 6.5.6.0 and below, are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

3.5CVSS7.7AI score0.02535EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/11 9:25 p.m.15 views

GHSA-8QH7-XW58-3WW7 Malicious Package in radic-util

Version 1.0.2 of radic-util contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate you...

7.2AI score
Exploits0References1
OSV
OSV
added 2020/09/11 9:19 p.m.5 views

GHSA-28F8-HQMC-7PH8 Malicious Package in ember-power-timepicker

Version 1.0.8 of ember-power-timepicker contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/11 9:19 p.m.35 views

Malicious Package in ember-power-timepicker

Version 1.0.8 of ember-power-timepicker contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/11 9:11 p.m.35 views

Malicious Package in angular-location-update

Version 0.0.3 of angular-location-update contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and...

7AI score
Exploits0References2Affected Software1
Prion
Prion
added 2020/09/10 5:15 p.m.22 views

Cross site scripting

The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...

3.5CVSS5.5AI score0.01884EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/03 9:2 p.m.8 views

GHSA-CHH2-RVHG-WQWR Malicious Package in json-serializer

Version 2.0.10 of json-serializer contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment and evaluate...

7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 8:45 p.m.17 views

Malicious Package in bmap

Version 1.0.3 of bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you will want t...

2.3AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 7:14 p.m.27 views

Malicious Package in ngx-context-menu

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/03 7:13 p.m.19 views

Malicious Package in @fangrong/xoc

Version 1.0.6 of @fangrong/xoc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 7:11 p.m.16 views

GHSA-78P3-96HC-3J47 Malicious Package in jquery-airload

Version 0.2.5 of jquery-airload contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 7:11 p.m.36 views

Malicious Package in jquery-airload

Version 0.2.5 of jquery-airload contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 7:9 p.m.8 views

GHSA-377F-VVRC-9WGG Malicious Package in zemen

Version 0.0.5 of zemen contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also recommended t...

9.8CVSS7.2AI score
Exploits0References1
Rows per page
Query Builder