Lucene search
K

8222 matches found

Prion
Prion
added 2020/09/10 5:15 p.m.22 views

Cross site scripting

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...

6CVSS8.1AI score0.02809EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2020/09/10 5:15 p.m.20 views

Cross site scripting

The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...

3.5CVSS5.5AI score0.01884EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/10 5:15 p.m.24 views

Cross site scripting

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...

3.5CVSS5.5AI score0.01884EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/10 4:35 p.m.65 views

CVE-2020-9734

The CVE-2020-9734 issue affects Adobe Experience Manager (AEM) Forms add-on versions 6.5.5.0 and earlier and 6.4.8.1 and earlier. It is a stored XSS vulnerability that lets users with Author privileges store scripts in Forms fields, which could be executed in a victim’s browser when opening the a...

9CVSS5.4AI score0.01884EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/10 4:35 p.m.27 views

CVE-2020-9734 Stored XSS in AEM Forms component

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.1 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...

9CVSS8.4AI score0.01884EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/10 4:35 p.m.23 views

CVE-2020-9741 Stored XSS in AEM Forms Components

The AEM forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they op...

9CVSS8.4AI score0.01884EPSS
Exploits0References1
CVE
CVE
added 2020/09/10 4:35 p.m.39 views

CVE-2020-9741

The CVE-2020-9741 entry concerns Adobe Experience Manager (AEM) Forms add-on vulnerabilities. Affected versions: AEM Forms add-on 6.5.5.0 (and below) and 6.4.8.2 (and below). The issue is a stored XSS in fields associated with the Forms component, exploitable by users with Author privileges. When...

9CVSS5.4AI score0.01884EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/09/10 4:35 p.m.30 views

CVE-2020-9732 Stored XSS in AEM Sites Components

The AEM Forms add-on for versions 6.5.5.0 and below and 6.4.8.2 and below are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they...

9CVSS8.2AI score0.02809EPSS
Exploits0References1
CVE
CVE
added 2020/09/10 4:35 p.m.57 views

CVE-2020-9732

CVE-2020-9732 affects Adobe Experience Manager (AEM) Forms add-on for versions 6.5.5.0 and earlier and 6.4.8.2 and earlier. Root cause is a stored XSS in fields for the Sites component, allowing an author to store malicious scripts that execute in a viewer’s browser when the vulnerable page is op...

9CVSS8.3AI score0.02809EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2020/09/09 1:15 p.m.30 views

CVE-2020-6313

SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...

6.5CVSS0.00721EPSS
Exploits0References2
OSV
OSV
added 2020/09/09 1:15 p.m.4 views

CVE-2020-6313

SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...

6.5CVSS6.3AI score0.00721EPSS
Exploits0References2
Prion
Prion
added 2020/09/09 1:15 p.m.16 views

Cross site scripting

SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...

4CVSS6.2AI score0.00721EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/09 12:43 p.m.59 views

CVE-2020-6313

CVE-2020-6313 affects SAP NetWeaver Application Server Java (XML Forms) on versions 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling an authenticated user with special roles to store content that, when accessed by a victim, can execute JavaScript...

6.5CVSS6.1AI score0.00721EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/09 12:43 p.m.32 views

CVE-2020-6313

SAP NetWeaver Application Server JAVAXML Forms versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing...

5.4CVSS6.2AI score0.00721EPSS
Exploits0References2
CNVD
CNVD
added 2020/09/09 12:0 a.m.3 views

Adobe Experience Manager (AEM) Forms Stored Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...

9CVSS6.3AI score0.02809EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/09 12:0 a.m.4 views

Adobe Experience Manager (AEM) Forms stored cross-site scripting vulnerability (CNVD-2020-52155)

Adobe Experience Manager AEM Forms is an enterprise document and forms platform that lets you capture and process information, deliver personalized communications, and protect and track sensitive information. A stored cross-site scripting vulnerability exists in Adobe Experience Manager AEM Forms...

9CVSS6.3AI score0.01884EPSS
Exploits0References1
OSV
OSV
added 2020/09/08 8:38 a.m.47 views

RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...

8.8CVSS8.7AI score0.08888EPSS
Exploits19References23
Positive Technologies
Positive Technologies
added 2020/09/08 12:0 a.m.5 views

PT-2020-4018 · Microsoft +1 · Xamarin.Forms +1

Name of the Vulnerable Software and Affected Versions: Microsoft Xamarin.Forms versions prior to 83.0.4103.106 Description: A spoofing issue exists due to the default settings on Android WebView, allowing an attacker to execute arbitrary Javascript code on a target system. The attack requires the...

9.3CVSS6.1AI score0.04006EPSS
Exploits0References3
Adobe
Adobe
added 2020/09/08 12:0 a.m.40 views

APSB20-56 Security update available for Adobe Experience Manager

Adobe has released updates for Adobe Experience Manager AEM and the AEM Forms add-on package. These updates resolve vulnerabilities rated Critical and Important. Successful exploitation of these vulnerabilities could result in arbitrary JavaScript execution in the browser...

6.7AI score
Exploits0Affected Software2
WPVulnDB
WPVulnDB
added 2020/09/06 12:0 a.m.21 views

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in Constant Contact Forms for WordPress 1.8.7 and lower allow high-privileged user Editor+ to inject arbitrary Javascript code or HTML in posts where the malicious form is embed. PoC High-privileged user Editor+ can exploit XSS via Add New Form...

5.2AI score0.00654EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder