Lucene search
K

44 matches found

OSV
OSV
added 2024/03/22 3:15 p.m.10 views

CVE-2024-28593

The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...

5.4CVSS6.3AI score0.00551EPSS
Exploits0References3
OSV
OSV
added 2022/05/14 1:38 a.m.12 views

GHSA-7M8V-W6F9-Q2F9 Cross-site Scripting in Jenkins Rebuilder Plugin

A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and earlier in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly,...

5.4CVSS5.1AI score0.00622EPSS
Exploits0References4
CNVD
CNVD
added 2021/12/01 12:0 a.m.10 views

Business-Dna Solution GmbH TopEase Code Injection Vulnerability

Business-Dna Solution GmbH TopEase is a "Transformational Risk" solution from Business-Dna Solution GmbH, Switzerland. It is used to manage complex projects and initiatives comprehensively, simply, quickly and securely. A code injection vulnerability exists in Business-Dna Solution GmbH TopEase,...

5.4CVSS7.1AI score0.00705EPSS
Exploits0References1
NVD
NVD
added 2021/09/13 6:15 p.m.39 views

CVE-2021-24619

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

4.8CVSS0.00598EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/03/22 12:0 a.m.1388 views

TCPDF 6.2.19 Deserialization / Remote Code Execution

CVE-2018-17057: phar deserialization in TCPDF might lead to RCE --------------------------------------------------------------- Affected products ================= TCPDF While it is a nice feature to have for the developer, it may cause problems in case the PDF creation script is vulnerable to...

7.5CVSS0.1AI score0.26172EPSS
Exploits7
Prion
Prion
added 2018/01/01 6:29 a.m.18 views

Authentication flaw

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

7.5CVSS9.3AI score0.91477EPSS
Exploits5References4Affected Software1
Hacker One
Hacker One
added 2017/10/28 10:13 a.m.28 views

Razer US: XSS on Saved Carts page

The saved cart endpoint was vulnerable to a reflective XSS due to lack of sanitization of cartcode which is inserted back in the HTML document, which could allow execution of malicious Javascript on the client...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2017/10/04 1:0 a.m.19 views

CVE-2017-1000102

The Details view of some Static Analysis Utilities based plugins, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings Warnings Plugin, could insert...

5.3AI score0.00743EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/09/12 12:0 a.m.33 views

Microsoft System Center Configuration Manager XSS Vulnerability (2741528)

This host is missing an important security update according to Microsoft Bulletin MS12-062. OpenVAS Vulnerability Test $Id: secpodms12-062.nasl 6520 2017-07-04 14:28:49Z cfischer $ Microsoft System Center Configuration Manager XSS Vulnerability 2741528 Authors: Rachana Shetty Copyright: Copyright...

4.3CVSS0.16162EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2011/01/27 12:0 a.m.24 views

Joomla! Cross Site Scripting Vulnerability

The host is running Joomla! and is prone to Cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlaxssvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Joomla! Cross Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks GmbH,...

4.3CVSS6.5AI score0.01774EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/01/08 12:0 a.m.23 views

Kerio Mail Server Multiple Cross Site Scripting vulnerabilities

The host is running Kerio Mail Server and is prone to multiple cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbkeriomailservermultxssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Kerio Mail Server Multiple Cross Site Scripting vulnerabilities Authors: Chandan S Copyright:...

4.3CVSS0.2AI score0.01223EPSS
Exploits0References2
Drupal
Drupal
added 2008/06/25 12:0 a.m.18 views

SA-2008-039 - Suggested terms - Cross site scripting

This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...

7.2AI score
Exploits0References3
Drupal
Drupal
added 2006/10/18 12:0 a.m.20 views

DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities

Multiple XSS cross site scripting vulnerabilities have been discovered. A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS...

6.6AI score
Exploits0References4
FreeBSD
FreeBSD
added 2006/10/18 12:0 a.m.14 views

drupal -- multiple XSS vulnerabilities

The Drupal Team reports: A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...

1.8AI score
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.17 views

CVE-2002-1497

Cross-site scripting XSS vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response...

5.8AI score0.01685EPSS
Exploits0References3
Cvelist
Cvelist
added 2004/06/23 4:0 a.m.30 views

CVE-2004-0588

Cross-site scripting XSS vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages...

5.8AI score0.0137EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2003/12/01 12:0 a.m.30 views

rnnguest12.txt

RNN's Guestbook 1.2 Multiple Vulnerabilies Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2003/11/28 12:0 a.m.102 views

RNN's Guestbook 1.2 Multiple Vulnerabilities

RNN's Guestbook 1.2 Multiple Vulnerabilies Discovered by Chris Rahm aka: BrainRawt brainrawt at haxworx.com Vulnerabilities: Remote Command Execution Administrative Access Information Disclosure Reading of Files Arbitrary HTML Insertion/Script Injection Plain Text Administrative Password Remote:...

0.4AI score
Exploits0
NVD
NVD
added 2003/08/07 4:0 a.m.13 views

CVE-2003-0504

Multiple cross-site scripting XSS vulnerabilities in Phpgroupware 0.9.14.003 aka webdistro allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module...

4.3CVSS5.7AI score0.01343EPSS
Exploits0References5
CVE
CVE
added 2003/06/11 4:0 a.m.50 views

CVE-2003-0404

CVE-2003-0404 affects Vignette StoryServer 4/5 and Vignette V/5 and V/6. Vulnerability: multiple Cross Site Scripting (XSS) via text variables, demonstrated through the errInfo parameter in the default login template. Impact: remote attackers can inject arbitrary HTML and script. Exploitation det...

4.3CVSS6.4AI score0.01979EPSS
Exploits1References4Affected Software3
Rows per page
Query Builder