
4739 matches found

CNVD
added 2022/03/02 12:0 a.m., 17 views

Ice Hrm Cross-Site Scripting Vulnerability (CNVD-2022-67479)

Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability caused by a lack of data validation filtering of user-supplied and output data in the "m" parameter of the user dashboard. An attacker could exploit this vulnerability to...

CVSS 6.1 | AI score 2.6 | EPSS 0.00705
Exploits: 1 | References: 1

CNVD
added 2022/03/02 12:0 a.m., 15 views

Maxsite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33827)

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project. Maxsite CMS has a cross-site scripting vulnerability. The vulnerability stems from the lack of parameters in the management file of the user-supplied data and output data validation filter, an attacker...

CVSS 5.4 | AI score 3.5 | EPSS 0.00485
Exploits: 1 | References: 1

CVE
added 2022/03/01 2:4 p.m., 136 views

CVE-2021-46387

CVE-2021-46387 affects ZyXEL ZyWALL 2 Plus Internet Security Appliance. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insecure URI handling, enabling an attacker to execute arbitrary JavaScript in a user’s browser and potentially perform clipboard hijacking or session hijackin...

CVSS 6.1 | AI score 6.4 | EPSS 0.21028
Exploits: 4 | References: 4 | Affected Software: 1

Veracode
added 2022/03/01 7:33 a.m., 26 views

Cross-site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to invalid input validation in the detectXss function in the Security.php file, which allows remote attackers to inject and execute arbitrary JavaScript code in the victim's browser...

CVSS 4.6 | AI score 5.8 | EPSS 0.01343
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2022/03/01 12:0 a.m., 24 views

JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-20142)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions of JetBrains YouTrack prior to 2021.4.36872, which stems from the lack of data validation filtering of user-supplied data and...

CVSS 5.4 | AI score 2.4 | EPSS 0.00553
Exploits: 0 | References: 1

CNVD
added 2022/03/01 12:0 a.m., 27 views

JetBrains YouTrack Cross-Site Scripting Vulnerability (CNVD-2022-20143)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. A cross-site scripting vulnerability exists in versions prior to JetBrains YouTrack 2021.4.31698, which stems from a lack of data validation filtering of user-supplied data and output...

CVSS 5.4 | AI score 2.4 | EPSS 0.00553
Exploits: 0 | References: 1

CNVD
added 2022/02/28 12:0 a.m., 19 views

BloofoxCms Cross-Site Scripting Vulnerability (CNVD-2022-17027)

BloofoxCms is a PHP-based text content management system from alexlang24 personal developer. bloofoxCMS suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the file and type parameters in index.php. An attacker...

CVSS 5.4 | AI score 3 | EPSS 0.00479
Exploits: 1 | References: 1

CNVD
added 2022/02/23 12:0 a.m., 13 views

WordPress Survey Maker plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Survey Maker plugin 2.0.6 and previous versions have a cross-site scripting vulnerability, which can be exploited by attacke...

CVSS 6.1 | AI score 2.4 | EPSS 0.0082
Exploits: 1 | References: 1

IBM Security Bulletins
added 2022/02/22 8:10 p.m., 33 views

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4663 and CVE-2019-4720)

Summary Security vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the following CVEs. Vulnerability Details CVEID: CVE-2019-4720 DESCRIPTION: IBM WebSphere Application Server 7.0...

CVSS 7.5 | AI score 7.1 | EPSS 0.02155
Exploits: 0 | Affected Software: 1

CNVD
added 2022/02/16 12:0 a.m., 16 views

WordPress PowerPack Lite for Beaver Builder plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of the WordPress PowerPack Lite for Beaver Builder plugin...

CVSS 6.1 | AI score 2.4 | EPSS 0.00863
Exploits: 2 | References: 1

Huntr
added 2022/02/13 2:30 a.m., 24 views

Cross-site Scripting (XSS) - Stored in librenms/librenms

Description Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template Proof of Concept Payload: ' PoC image: Xss payload in create/modify Transport Groups Xss payload in Add/Edit Service Xss payload in Edit Service Template XSS will fire-up by user visiting: 1...

CVSS 3.5 | AI score 5.3 | EPSS 0.00834
Exploits: 1

CNVD
added 2022/02/13 12:0 a.m., 18 views

OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33604)

OIC Exponent CMS is a free, open source PHP-based modular content management system (CMS) from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...

CVSS 5.4 | AI score 0.7 | EPSS 0.03033
Exploits: 1 | References: 1

CNVD
added 2022/02/13 12:0 a.m., 24 views

XWiki Platform Cross-Site Scripting Vulnerability (CNVD-2022-13407)

XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output in registerinline, which could be...

CVSS 7.4 | AI score 1.8 | EPSS 0.01008
Exploits: 0 | References: 1

Huntr
added 2022/02/12 9:28 p.m., 29 views

Cross-site Scripting (XSS) - Generic in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...

CVSS 4.3 | AI score 0.2 | EPSS 0.00983
Exploits: 1

NVD
added 2022/02/11 4:15 p.m., 11 views

CVE-2021-42940

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...

CVSS 9.9 | EPSS 0.01068
Exploits: 1 | References: 2

Prion
added 2022/02/11 4:15 p.m., 17 views

Cross site scripting

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload an SVG file containing malicious JavaScript code...

CVSS 3.5 | AI score 8.2 | EPSS 0.01068
Exploits: 1 | References: 2 | Affected Software: 1

Github Security Blog
added 2022/02/10 11:42 p.m., 64 views

Cross-site Scripting in aurelia-framework

The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...

CVSS 6.1 | AI score 2.2 | EPSS 0.01416
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2022/02/10 10:29 p.m., 19 views

GHSA-VP4X-94FF-2CMV Cross-site scripting in forkcms

Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1 | AI score 6.2 | EPSS 0.00844
Exploits: 0 | References: 2

RedhatCVE
added 2022/02/10 4:51 p.m., 44 views

CVE-2022-22589

A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...

CVSS 7.6 | AI score 4.5 | EPSS 0.01973
Exploits: 0 | References: 4

CNVD
added 2022/02/10 12:0 a.m., 20 views

Emlog Cross-Site Scripting Vulnerability (CNVD-2022-11528)

Emlog is a PHP and MySQL-based CMS website builder from Emlog personal developers. Emlog suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker could use this vulnerability to execute JavaScript code ...

CVSS 4.8 | AI score 3.1 | EPSS 0.00617
Exploits: 1 | References: 1