Lucene search
K

330 matches found

NVD
NVD
added 2021/08/17 11:15 p.m.25 views

CVE-2021-39250

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

5.4CVSS0.00815EPSS
Exploits1References2
Prion
Prion
added 2021/08/17 11:15 p.m.20 views

Cross site scripting

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

3.5CVSS5.5AI score0.00815EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/17 10:2 p.m.27 views

CVE-2021-39250

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widget...

5.7AI score0.00815EPSS
Exploits1References2
NVD
NVD
added 2021/07/22 5:15 p.m.28 views

CVE-2021-37403

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...

6.1CVSS0.00792EPSS
Exploits0References2
NVD
NVD
added 2021/07/22 5:15 p.m.22 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

6.1CVSS0.01428EPSS
Exploits2References3
Prion
Prion
added 2021/07/22 5:15 p.m.17 views

Cross site scripting

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

4.3CVSS6AI score0.01428EPSS
Exploits2References3Affected Software1
Prion
Prion
added 2021/07/22 5:15 p.m.21 views

Cross site scripting

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and an App Loader relative URL is used...

4.3CVSS6AI score0.00792EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/22 4:19 p.m.44 views

CVE-2021-37403

OX App Suite vulnerable to XSS via a code snippet in user-generated content when a sharing link is created and an App Loader relative URL is used. Affected versions: before 7.10.3-rev32 and before 7.10.4-rev18. The vulnerability stems from how the App Loader relative URL handles shared links. Rem...

6.1CVSS6AI score0.00792EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/07/22 4:7 p.m.48 views

CVE-2021-26698

Open-Xchange OX App Suite is affected by a cross-site scripting vulnerability in older releases. Affected products: OX App Suite prior to 7.10.3-rev32 and 7.10.4 prior to 7.10.4-rev18. The issue arises when a sharing link is created and the dl parameter is used, allowing XSS via user-generated co...

6.1CVSS6AI score0.01428EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/07/22 4:7 p.m.23 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

6.2AI score0.01428EPSS
Exploits2References3
Malwarebytes
Malwarebytes
added 2021/04/26 11:35 a.m.193 views

11-13 year old girls most likely to be targeted by online predators

The Internet Watch Foundation IWF, a not-for-profit organization in England whose mission is "to eliminate child sexual abuse imagery online", has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of th...

7AI score
Exploits0
Prion
Prion
added 2020/07/02 3:15 p.m.16 views

Design/Logic Flaw

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

3.5CVSS5.5AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/07/02 2:55 p.m.35 views

CVE-2020-2214

Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...

5.5AI score0.00735EPSS
Exploits0References2
Veracode
Veracode
added 2020/05/25 5:0 a.m.17 views

Cross-Site Scripting (XSS)

pngquant-bin is vulnerable to cross-site scripting XSS attacks. The raw.github.com subdomain does not properly sanitize user-generated content, allowing an attacker to upload potentially malicious contents...

2.9AI score
Exploits0
ThreatPost
ThreatPost
added 2020/01/07 2:27 p.m.77 views

Facebook Cracks Down on Deepfake Videos

Facebook is banning deepfake videos, which stem from a technique of human-image synthesis based on artificial intelligence AI to create fake content. Over the past year, security experts and lawmakers have voiced concerns about malicious deepfake applications, particularly as a vessel for...

7.3AI score
Exploits0References7
Talos Blog
Talos Blog
added 2017/07/20 12:29 p.m.44 views

Vulnerability Spotlight: Multiple Vulnerabilities in CorelDRAW X8

Today, Talos is disclosing several vulnerabilities that have been identified in CorelDRAW X8. CorelDRAW X8 is graphics suite used for manipulating raster and vector images and is a common alternative to Adobe Creative Cloud. Several of the vulnerabilities being disclosed today specifically affect...

8.6AI score0.0274EPSS
Exploits5
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.72 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...

6.5CVSS0.9AI score0.14265EPSS
Exploits0
Hacker One
Hacker One
added 2017/03/18 2:35 a.m.20 views

Rockstar Games: Comments Denial of Service in socialclub.rockstargames.com

In this report, the researcher was able to demonstrate a POC utilizing control character injection that disabled a chain of comments in sections of the site containing UGC, particularly Jobs and Job playlists. Although denial-of-service attacks are typically closed as Not Applicable in our progra...

1.7AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2016/09/13 7:0 a.m.36 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...

6.5CVSS0.9AI score0.26286EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2016/04/12 7:0 a.m.46 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website used to attempt to exploit the...

4.3CVSS0.7AI score0.22088EPSS
Exploits0
Rows per page
Query Builder