Lucene search
K

856 matches found

CNNVD
CNNVD
added 2023/03/31 12:0 a.m.5 views

phpMyFAQ 跨站脚本漏洞

phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.1.12, which stems from improper input neutralization...

4.7CVSS5.4AI score0.00601EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/03/21 11:21 a.m.12 views

CVE-2023-1154 XSS in Pacsrapor

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22...

6.1CVSS6.4AI score0.00357EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/14 6:42 a.m.8 views

CVE-2022-47171 WordPress IP Vault – WP Firewall Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paul C. Schroeder IP Vault – WP Firewall plugin = 1.1 versions...

5.9CVSS6.8AI score0.00394EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.7 views

Fortinet FortiNAC 跨站脚本漏洞

Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from incorrectly neutralizing input during web page...

7.5CVSS4.9AI score0.00514EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/06 12:15 p.m.4 views

CVE-2022-2178

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Saysis Computer Starcities allows Cross-Site Scripting XSS. This issue affects Starcities: before 1.1...

6.1CVSS6.4AI score0.00372EPSS
Exploits0References3
CVE
CVE
added 2023/03/06 11:43 a.m.60 views

CVE-2022-2178

CVE-2022-2178 corresponds to a cross-site scripting (XSS) flaw in Saysis Computer Starcities prior to version 1.1, arising from improper neutralization of input during web page generation. The vulnerability could allow injection of malicious scripts when rendering pages. Affected product/version:...

6.1CVSS6.4AI score0.00372EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/02/28 5:15 p.m.25 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

5.4CVSS5.4AI score0.0053EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/02/28 12:0 a.m.25 views

CVE-2023-27294

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could...

5.6AI score0.0053EPSS
Exploits1References1
OSV
OSV
added 2023/02/28 12:0 a.m.13 views

CVE-2023-27293

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cooki...

6.1CVSS7AI score0.00596EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/02/04 12:0 a.m.3 views

Apache Sling 跨站脚本漏洞

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. It is designed to create content-centric applications on JSR-170 compliant content repositories such as Apache Jackrabbit. A cross-site scripting vulnerability exists in Apache Sling 1.1.4...

6.1CVSS5.4AI score0.01445EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 9:18 p.m.28 views

CVE-2022-4092

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input...

8CVSS6.2AI score0.01396EPSS
Exploits1References3
NVD
NVD
added 2022/11/02 12:15 p.m.29 views

CVE-2022-39950

An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

8CVSS0.00684EPSS
Exploits0References1
Prion
Prion
added 2022/09/06 4:15 p.m.14 views

Cross site scripting

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting XSS attack through the URI parameter via the Threat...

4.9CVSS5.1AI score0.0037EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/05/11 3:15 p.m.31 views

CVE-2021-43081

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...

6.1CVSS0.00844EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/05/11 2:30 p.m.32 views

CVE-2021-43081

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to...

6.1CVSS6.3AI score0.00844EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.4 views

Weblate 跨站脚本漏洞

A cross-site scripting vulnerability exists in Weblate, a Copyleft web-based free software continuous localization system, which stems from the failure of versions prior to 4.11 to properly neutralize user input used in the username and language fields. As a result of this improper neutralization...

5.4CVSS5.2AI score0.00741EPSS
Exploits0References6
Prion
Prion
added 2022/01/24 8:15 p.m.10 views

Cross site scripting

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting XSS via malicious links affecting the search window and activity view window...

4.3CVSS5.9AI score0.01085EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/01/17 12:15 p.m.7 views

CVE-2021-3853

chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS6.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/26 12:15 p.m.7 views

CVE-2021-4169

livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.1CVSS5.9AI score0.00948EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2021/12/24 8:15 p.m.2 views

CVE-2021-3977

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.5CVSS6.4AI score0.00592EPSS
Exploits1References3
Rows per page
Query Builder