Lucene search
+L

569 matches found

Vulnrichment
Vulnrichment
added 2024/10/16 4:16 p.m.11 views

CVE-2024-20462 Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...

5.5CVSS6.7AI score0.00157EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/09/09 12:0 a.m.23 views

CKEditor < 4.24.0-LTS Multiples Cross-Site Scripting

According to its self-reported version number, the CKEditor application running on the remote host is prior to 4.24.0-LTS. It is, therefore, affected by multiples Cross-Site-Scripting : - In samples that are shipped with production code. The vulnerability allowed to execute JavaScript code by...

6.1CVSS7.5AI score0.01652EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.233 views

HTTP Client Automatic Exploiter 2 (Browser Autopwn)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HTTP Client Automatic Exploiter 2 Browser Autopwn", 'Description' = %q This module will automatically serve browser exploits. Here are the option...

7.4AI score
Exploits0
Veracode
Veracode
added 2024/08/16 8:16 a.m.19 views

Cross Site Scripting(XSS)

Trix editor is vulnerable to Cross Site Scripting. The vulnerability is due to improper handling of text/html content types in the dataTransfer object during paste events, allowing attackers to execute arbitrary JavaScript by tricking users into pasting malicious code...

6.5CVSS7.6AI score0.00487EPSS
Exploits0References8Affected Software1
Mageia
Mageia
added 2024/08/15 5:48 p.m.35 views

Updated roundcubemail packages fix security vulnerabilities

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009 Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008 Fix information leak access to remote content via insufficient CSS filtering CVE-2024-42010...

9.3CVSS6.2AI score0.84446EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2024/08/15 12:0 a.m.22 views

Fedora 40 : roundcubemail (2024-2e908e829a)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-2e908e829a advisory. Version 1.6.8 - Managesieve: Protect special scripts in managesievekolabmaster mode - Fix newmailnotifier notification focus in Chrome 9467 - Fix...

9.3CVSS8.6AI score0.84446EPSS
Exploits9References4
NVD
NVD
added 2024/07/25 8:15 a.m.21 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...

5.4CVSS0.00288EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/25 12:0 a.m.28 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...

4.8CVSS6.9AI score0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/25 12:0 a.m.17 views

CVE-2024-41707

An issue was discovered in Archer Platform 6 before 2024.06. Authenticated users can achieve HTML content injection. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data stor...

4.8CVSS0.00288EPSS
Exploits0References2
CVE
CVE
added 2024/07/25 12:0 a.m.66 views

CVE-2024-41707

Archer Platform (v6) prior to 2024.06 is vulnerable to stored HTML content injection. Authenticated users can store malicious HTML in the trusted application data store, which is then executed by victim users’ browsers in the vulnerable app context. Remediation cited in available sources is to up...

5.4CVSS6.9AI score0.00288EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/06/21 10:13 a.m.10 views

Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation of HTML content, which allows authenticated users with page edit permission to perform XSS...

6.3AI score
Exploits0
OSV
OSV
added 2024/06/14 11:8 a.m.4 views

OESA-2024-1710 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Sin...

9.8CVSS6.8AI score0.00658EPSS
Exploits0References2
Snyk
Snyk
added 2024/06/04 8:41 p.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of security headers for non-HTML content types. An attacker can potentially exploit this to bypass security restrictions by sending specially crafted requests that exploit the lack ...

9.8CVSS6.9AI score0.00658EPSS
Exploits0References2
OSV
OSV
added 2024/06/04 8:15 p.m.3 views

UBUNTU-CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

9.8CVSS6AI score0.00658EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/04 9:16 a.m.14 views

CVE-2023-45635 WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6...

5.4CVSS6.9AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 9:16 a.m.22 views

CVE-2023-45635 WordPress Responsive Tabs plugin < 4.0.6 - HTML Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6...

5.4CVSS5.6AI score0.00337EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/05/20 12:0 a.m.7 views

The vulnerability of the Mozilla Firefox browser, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.

The vulnerability of the Mozilla Firefox browser is related to the execution of operations beyond the buffer boundaries in memory when processing HTML content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.00486EPSS
Exploits0References8Affected Software3
OSV
OSV
added 2024/05/14 10:15 p.m.28 views

GHSA-XC3P-28HW-Q24G Grafana proxy Cross-site Scripting

Today we are releasing Grafana 8.3.5 and 7.5.15. This patch release includes MEDIUM severity security fix for XSS for Grafana. Release v.8.3.5, only containing security fixes: - Download Grafana 8.3.5 - Release notes Release v.7.5.15, only containing security fixes: - Download Grafana 7.5.15 -...

6.8CVSS6.9AI score0.02359EPSS
Exploits1References9
Veracode
Veracode
added 2024/04/30 5:48 a.m.15 views

Cross-site Scripting (XSS)

knowledge-repo is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper user input validation in the post comments functionality. This allows an attacker to inject arbitrary web scripts or HTML content into the application, potentially leading to cross-site scripting XSS...

6.1CVSS5.3AI score0.01315EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2024/04/16 9:22 a.m.22 views

Cross-Site Scripting (XSS)

tecnickcom/tcpdf is vulnerable to Cross-Site Scripting. The vulnerability is due to insecure processing of HTML content inside PDF documents, which could result in Cross-Site Scripting...

6.1CVSS6.8AI score0.00582EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder