54 matches found

Tenable Nessus
added 2026/01/08 12:0 a.m. | 5 views

Joomla! 6.x < 6.0.2 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...

CVSS 8.4 | AI score 6.8 | EPSS 0.00175
Exploits 0 | References 5
CNNVD
added 2026/01/06 12:0 a.m. | 6 views

Joomla! CMS Cross-Site Scripting Vulnerability

Joomla! CMS is an open source content management system for Joomla! A cross-site scripting vulnerability exists in Joomla! CMS that stems from insufficient input filtering, which could lead to cross-site scripting attack vectors in the HTML filter code associated with the data URL in the img tag...

CVSS 8.4 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2001-0362

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.03188
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2006-7015

Malware in sbrugna...

CVSS 6.8 | AI score 6.4 | EPSS 0.01134
Exploits 0 | References 4
OPENSUSE Linux
added 2021/08/09 12:0 a.m. | 66 views

Security update for python-reportlab (moderate)

openSUSE Security Update: Security update for python-reportlab Announcement ID: openSUSE-SU-2021:2641-1 Rating: moderate References: 1182503 Cross-References: CVE-2020-28463 CVSS scores: CVE-2020-28463 NVD : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-28463 SUSE: 5...

CVSS 5 | AI score 6.8 | EPSS 0.01487
Exploits 1 | References 1
OSV
added 2021/03/29 4:32 p.m. | 26 views

GHSA-MPVW-25MG-59VX Server-side Request Forgery (SSRF) via img tags in reportlab

All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...

CVSS 7.1 | AI score 6.5 | EPSS 0.01487
Exploits 1 | References 12
RedhatCVE
added 2021/02/18 9:24 p.m. | 26 views

CVE-2020-28463

A flaw was found in python-reportlab. A Server-side Request Forgery SSRF vulnerability is possible via img tags...

CVSS 6.5 | AI score 3.8 | EPSS 0.01487
Exploits 1 | References 4
NVD
added 2021/02/18 4:15 p.m. | 18 views

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery SSRF via img tags. In order to reduce risk, use trustedSchemes & trustedHosts see in Reportlab's documentation Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | EPSS 0.01487
Exploits 1 | References 5
Kitploit
added 2020/11/28 8:30 p.m. | 99 views

Webscan - Browser-based Network Scanner And local-IP Detection

webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate...

AI score 7
Exploits 0 | References 2
OSV
added 2020/09/03 3:45 p.m. | 10 views

GHSA-MG69-6J3M-JVGW HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation This package is no longer maintained. Please upgrade to...

CVSS 7.3 | AI score 6.9
Exploits 0 | References 3
Veracode
added 2020/04/10 12:14 a.m. | 21 views

Cross-Site Request Forgery (CSRF)

squirrelmail is vulnerable to cross-site request forgery. Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted...

CVSS 5 | AI score 1.4 | EPSS 0.01374
Exploits 1 | References 18 | Affected Software 1
CNVD
added 2017/06/30 12:0 a.m. | 2 views

McAfee Data Loss Prevention Endpoint ePO extension cross-site scripting vulnerability

McAfee Data Loss Prevention Endpoint DLP Endpoint is an integrated endpoint data protection solution from McAfee, Inc. that prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control, and data...

CVSS 5.4 | AI score 6 | EPSS 0.00511
Exploits 0 | References 1
NVD
added 2017/06/23 1:29 p.m. | 16 views

CVE-2017-3948

Cross Site Scripting XSS in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint DLP Endpoint 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...

CVSS 5.4 | AI score 5.2 | EPSS 0.00511
Exploits 0 | References 1
Prion
added 2017/06/23 1:29 p.m. | 20 views

Cross site scripting

Cross Site Scripting XSS in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint DLP Endpoint 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...

CVSS 3.5 | AI score 5.1 | EPSS 0.00511
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/06/23 1:0 p.m. | 18 views

CVE-2017-3948

Cross Site Scripting XSS in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint DLP Endpoint 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...

AI score 5.2 | EPSS 0.00511
Exploits 0 | References 1
CVE
added 2017/06/23 1:0 p.m. | 58 views

CVE-2017-3948

Summary: CVE-2017-3948 is a Cross Site Scripting (XSS) vulnerability in the IMG Tags of the ePO extension for McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x. The underlying issue is an XSS in IMG Tags that allows an authenticated user to inject arbitrary web script or HTML via malicio...

CVSS 5.4 | AI score 5.1 | EPSS 0.00511
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2015/02/13 12:0 a.m. | 20 views

Vanilla Forums 2.1.1 Cross Site Scripting

The vulnerability is related to the insufficient filtration in HTMLawed. Existing filter can be bypassed and paste into the HTML tag onerror event, that leads to stored XSS. I notified the developers of existing vulnerabilities and they closed it in version 2.1.1 proof:...

AI score 0.2
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

YaBB 1.x/9.1.2000 Administrator Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11214/info It is reported that YaBB is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This issue...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

MS IE 3/4/5,Netscape Communicator 4 IMG Tag DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3122/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. Multiple malicious IMG tags may cause a denial of services to users who view webpages they are embedded...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

Microsoft Outlook 2003 Predictable File Location Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer...

AI score 7.1
Exploits 0