Lucene search
K

65 matches found

Cvelist
Cvelist
added 2024/08/06 12:0 a.m.32 views

CVE-2024-28739

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter...

0.17738EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.4 views

SUSE CVE-2014-0081

Multiple cross-site scripting XSS vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the 1 format, 2 negativeformat, or 3 units...

4.3CVSS6AI score0.04032EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/08/25 3:15 p.m.3 views

CVE-2022-37240

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...

9.8CVSS7.3AI score0.01202EPSS
Exploits1References3
OSV
OSV
added 2022/08/25 3:15 p.m.5 views

CVE-2022-37240

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...

9.8CVSS7.3AI score0.01202EPSS
Exploits1References2
NVD
NVD
added 2022/08/25 3:15 p.m.26 views

CVE-2022-37240

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter...

9.8CVSS0.01202EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.7 views

Alt-N MDaemon 注入漏洞

Alt-N MDaemon is a mail service system from Alt-N Corporation that provides complete mail server functionality, protects users from spam, enables web login to send and receive emails, supports remote management, and protects the system against email viruses when used in conjunction with the MDaem...

9.8CVSS5.4AI score0.01202EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/25 12:0 a.m.10 views

PT-2022-23884 · Mdaemon Technologies · Mdaemon Technologies Securitygateway For Email Servers

Name of the Vulnerable Software and Affected Versions: MDaemon Technologies SecurityGateway for Email Servers version 8.5.2 Description: The issue concerns HTTP Response splitting, which occurs via the format parameter. This allows for potential manipulation of HTTP responses. Recommendations: Fo...

9.8CVSS9.2AI score0.01202EPSS
Exploits1References4
OSV
OSV
added 2021/11/15 3:15 p.m.4 views

CVE-2021-43574

WebAdmin Control Panel in Atmail 6.5.0 a version released in 2012 allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1CVSS5.8AI score0.02422EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/15 12:0 a.m.5 views

PT-2021-23879 · Atmail · Atmail

Name of the Vulnerable Software and Affected Versions: Atmail version 6.5.0 Description: The issue affects the WebAdmin Control Panel, allowing XSS via the format parameter to the default URI. This problem only affects products that are no longer supported by the maintainer. Recommendations: For...

6.1CVSS5.9AI score0.02422EPSS
Exploits0References7
NVD
NVD
added 2021/09/30 7:15 p.m.14 views

CVE-2021-41323

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter...

6.5CVSS0.02017EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/30 12:0 a.m.7 views

Abstrium Pydio Cells 路径遍历漏洞

Abstrium Pydio Cells is a next-generation file sharing platform developed in the Go language by Abstrium France. A path traversal vulnerability exists in Pydio Cells 2.2.9, which allows a remote authenticated user to overwrite personal files or Cells files belonging to any user via the format...

6.5CVSS6.6AI score0.02017EPSS
Exploits0References4
OSV
OSV
added 2021/06/24 3:15 p.m.6 views

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1CVSS6.4AI score0.01341EPSS
Exploits1References4
CNVD
CNVD
added 2019/08/12 12:0 a.m.5 views

Eclipse BIRT Cross-Site Scripting Vulnerability

Eclipse BIRT is the Eclipse Foundation's set of rich client applications and Web applications for reporting and business intelligence capabilities of open source software . A cross-site scripting vulnerability exists in the 'format' parameter of the Report Viewer in Eclipse BIRT versions 1.0...

6.1CVSS6.4AI score0.00897EPSS
Exploits1References1
OSV
OSV
added 2018/09/21 4:29 p.m.4 views

CVE-2018-14689

An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...

6.1CVSS5.7AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2018/08/13 8:45 p.m.18 views

GHSA-F599-5M7P-HCPF grape subject to Cross-site Scripting

The grape rubygem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS5.9AI score0.01428EPSS
Exploits1References5
CNVD
CNVD
added 2018/07/09 12:0 a.m.3 views

ruby-grape ruby gem cross-site scripting vulnerability

ruby-grape ruby gem is a framework for creating class REST APIs in Ruby. A cross-site scripting vulnerability exists in the ruby-grape ruby gem. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'format' parameter...

6.1CVSS5.7AI score0.01428EPSS
Exploits1References1
NVD
NVD
added 2018/07/05 4:29 p.m.22 views

CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS6AI score0.01428EPSS
Exploits1References3
OSV
OSV
added 2018/07/05 4:29 p.m.6 views

UBUNTU-CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS5.7AI score0.01428EPSS
Exploits1References5
OSV
OSV
added 2018/07/05 4:29 p.m.2 views

DEBIAN-CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS6AI score0.01428EPSS
Exploits1References1
OSV
OSV
added 2018/07/05 4:29 p.m.13 views

CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting XSS vulnerability via "format" parameter...

6.1CVSS6AI score
Exploits0References3
Rows per page
Query Builder