Lucene search
K

34 matches found

Cvelist
Cvelist
added 2020/05/07 11:29 p.m.29 views

CVE-2020-12718

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle...

5.9AI score0.00659EPSS
Exploits1References1
OSV
OSV
added 2020/05/07 8:15 p.m.17 views

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

6.1CVSS5.9AI score
Exploits0References1
Prion
Prion
added 2020/05/07 8:15 p.m.16 views

Cross site scripting

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

4.3CVSS5.8AI score0.01225EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/05/07 7:9 p.m.24 views

CVE-2020-12707

An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...

6AI score0.01225EPSS
Exploits1References1
OSV
OSV
added 2020/04/28 9:15 p.m.3 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

5.4CVSS6.1AI score0.00582EPSS
Exploits1References2
Prion
Prion
added 2020/04/28 9:15 p.m.20 views

Cross site scripting

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

3.5CVSS5.2AI score0.00582EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2020/01/02 2:3 p.m.7 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS7.4AI score0.0267EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/12/09 8:58 a.m.9 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS7.4AI score0.0267EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/10/29 12:0 a.m.38 views

Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2019-3158)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.8CVSS6.5AI score0.03749EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2019/10/22 12:0 a.m.42 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20191018)

Security Fixes : - OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 - OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn Scripting, 8223518 CVE-2019-2975 - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler...

6.8CVSS6.6AI score0.03749EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2019/10/21 7:22 p.m.6 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS7.4AI score0.0267EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/10/18 12:0 a.m.45 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20191016)

Security Fixes : - OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 - OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn Scripting, 8223518 CVE-2019-2975 - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler...

6.8CVSS6.6AI score0.03749EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2019/10/17 10:0 a.m.5 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE component: Javadoc. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS7.4AI score0.0267EPSS
Exploits0References4
Veracode
Veracode
added 2019/10/17 12:22 a.m.32 views

Cross-site Scripting (XSS)

OpenJDK is vulnerable to cross-site scripting XSS. The vulnerability exists through insufficient filtering of HTML event attributes in Javadoc...

4.7CVSS0.9AI score0.0267EPSS
Exploits0References24Affected Software4
Rows per page
Query Builder