Lucene search
+L

190 matches found

Vulnrichment
Vulnrichment
added 2022/06/27 4:14 p.m.9 views

CVE-2022-2140 Elcomplus SmartICS Cross-site Scripting

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters...

8.8CVSS9.1AI score0.00771EPSS
Exploits0References1
CVE
CVE
added 2022/05/26 12:0 a.m.215 views

CVE-2022-27777

CVE-2022-27777 : Rails contains an XSS vulnerability in Action View tag helpers that could allow an attacker to inject content when they can control input in specific attributes. The issue is confirmed across multiple sources (Rails ecosystem advisories and debian/security notes) and is tied to t...

6.1CVSS5.8AI score0.01485EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/17 4:17 a.m.3 views

GHSA-WGW2-GW4V-9W4J Improper Neutralization of Input During Web Page Generation in Apache Solr

Cross-site scripting XSS vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the fieldvaluecache object...

4.3CVSS6AI score0.04702EPSS
Exploits0References2
Prion
Prion
added 2022/05/04 5:15 p.m.24 views

Input validation

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to...

9CVSS7.3AI score0.01923EPSS
Exploits0References1Affected Software4
CVE
CVE
added 2022/03/30 3:20 p.m.190 views

CVE-2022-23799

CVE-2022-23799 affects Joomla! 4.0.0–4.1.0. The issue arises in JInput where, under certain conditions, input bags are polluted with $_REQUEST data, potentially impacting confidentiality, integrity, and availability. The connected sources confirm the affected range and the root cause (JInput poll...

9.8CVSS9.4AI score0.01172EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/09 12:0 a.m.10 views

PT-2022-16980 · Ipcomm · Ipcomm Ipdio +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be...

8.8CVSS8.7AI score0.00997EPSS
Exploits0References4
OSV
OSV
added 2022/02/02 6:15 a.m.2 views

DEBIAN-CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection...

9.8CVSS8.7AI score0.0166EPSS
Exploits0References1
NVD
NVD
added 2022/01/25 11:15 p.m.13 views

CVE-2021-36348

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC...

8.1CVSS0.01132EPSS
Exploits0References1
OSV
OSV
added 2022/01/25 11:15 p.m.4 views

CVE-2021-36348

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC...

8.1CVSS6.5AI score0.01132EPSS
Exploits0References1
Prion
Prion
added 2022/01/25 11:15 p.m.14 views

Design/Logic Flaw

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC...

5.5CVSS7.7AI score0.01132EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/25 10:15 p.m.62 views

CVE-2021-36348

CVE-2021-36348 affects Dell EMC iDRAC9 before version 5.00.20.00, where an input-injection vulnerability allows a remote authenticated low-privilege attacker to cause information disclosure or DoS by sending specially crafted input data. Affected component is iDRAC9 input handling; root cause is ...

8.1CVSS7.7AI score0.01132EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/25 10:15 p.m.13 views

CVE-2021-36348

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC...

5.9CVSS8AI score0.01132EPSS
Exploits0References1
OSV
OSV
added 2021/12/14 6:15 p.m.3 views

CVE-2021-44042

An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed when the injected content...

9.8CVSS5.9AI score0.01083EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.4 views

jetty: buffer not correctly recycled in Gzip Request inflation

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that ...

5.8CVSS7.2AI score0.08113EPSS
Exploits0References5
OSV
OSV
added 2021/09/17 3:15 p.m.6 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.1CVSS5.9AI score0.01436EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/09/17 3:15 p.m.3 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.5CVSS7.4AI score0.01436EPSS
Exploits0References4
OSV
OSV
added 2021/09/02 3:15 a.m.5 views

CVE-2021-34746

A vulnerability in the TACACS+ authentication, authorization and accounting AAA feature of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to...

9.8CVSS5.8AI score0.17661EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/03/26 8:50 a.m.13 views

CVE-2021-20681

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors...

5.7AI score0.00731EPSS
Exploits0References2
Snyk
Snyk
added 2021/01/06 1:17 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. The transfer state is serialised with the JSON.stringify function and then written into the HTML page. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...

7.3CVSS5.4AI score0.00825EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/05/28 2:58 p.m.4 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

6.9CVSS6.5AI score0.99019EPSS
Exploits7References5
Rows per page
Query Builder