Lucene search
K

4739 matches found

CNVD
CNVD
added 2022/01/25 12:0 a.m.10 views

spotweb Cross-Site Scripting Vulnerability (CNVD-2022-08194)

Spotweb is a Php-based Soptnet client from the Spotweb team that follows the Spotnet protocol. JavaScript code...

5.4CVSS1.9AI score0.0088EPSS
Exploits1References1
0day.today
0day.today
added 2022/01/25 12:0 a.m.312 views

TYPO3 femanager 6.3.0 Cross Site Scripting Vulnerability

======================================================================= title: Stored Cross-Site Scripting vulnerability product: TYPO3 extension "femanager" vulnerable version: 6.0.0 - 6.3.0 and 5.5.0 and below fixed version: 6.3.1 and 5.5.1 CVE number: CVE-2021-36787 impact: Medium homepage:...

5.4CVSS0.01333EPSS
Exploits3
NVD
NVD
added 2022/01/24 8:15 p.m.12 views

CVE-2021-45224

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...

6.1CVSS0.01085EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/01/24 12:0 a.m.4 views

PT-2022-12309 · Unknown · Coins Construction Cloud

Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12 Description: An issue was discovered in the application where JavaScript code is passed as a URL parameter in several locations. This allows attackers to alter the code and cause malicious behavior, maki...

6.1CVSS6AI score0.01085EPSS
Exploits1References5
CNVD
CNVD
added 2022/01/23 12:0 a.m.20 views

microweber cross-site scripting vulnerability

Microweber is an online store management system from the Microweber community in the United States that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in microweber, which stems from a lack of data...

7.2CVSS2.5AI score0.00728EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.36 views

WordPress WP HTML Mail plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...

8.3CVSS1.1AI score0.70511EPSS
Exploits3References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.17 views

mysiteforme cross-site scripting vulnerability

Mysiteforme is a permission management system. mysiteforme suffers from a cross-site scripting vulnerability that stems from the lack of user-supplied data and output data validation filtering in the blog tagging function of the backend blog management. An attacker could exploit the vulnerability...

5.4CVSS3AI score0.00441EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.13 views

zulip cross-site scripting vulnerability

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. Zulip suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of...

6.8CVSS5.3AI score0.0089EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.19 views

Mitsubishi Electric MC Works64 Cross-Site Scripting Vulnerability

Mitsubishi Electric MC Works64 is a data acquisition and monitoring system SCADA from Mitsubishi Electric Japan. Mitsubishi Electric MC Works64 suffers from a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied data and output. An attacker could exploi...

6.1CVSS6AI score0.01614EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.26 views

PhpIPAM Cross-Site Scripting Vulnerability (CNVD-2022-08175)

phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM in v1.4.4 is vulnerable to a cross-site scripting vulnerability that stems from a lack of user-supplied data and output data validation filtering in the Site title parameter when updating site settings. ...

4.8CVSS2AI score0.00621EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.21 views

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07500)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications.Pimcore has cross-site scripting...

6.6CVSS3.3AI score0.0154EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.18 views

Saraban Cross-Site Scripting Vulnerability

Saraban is a document management system from Softvibe Thailand. It is used for transferring files and notifications to reduce unnecessary duplication.SARABAN has a cross-site scripting vulnerability in version 1.1, which stems from the lack of data validation filtering of user-supplied data and...

5.4CVSS3.2AI score0.00809EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.21 views

F5 NGINX Controller API Code Injection Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

5.5CVSS1.9AI score0.0053EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.17 views

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07504)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce framework and product information management applications. pimcore has a cross-site scripting...

6.1CVSS2.1AI score0.01456EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.16 views

WordPress WP Booking System plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress WP Booking System plugin has a cross-site scripting vulnerability in versions prior to 2.0.15...

5.4CVSS1.7AI score0.00675EPSS
Exploits2References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.13 views

chaskiq cross-site scripting vulnerability

Chaskiq is an open source messaging platform. Used for marketing, support and sales. Chaskiq suffers from a cross-site scripting vulnerability that stems from a lack of data checksum filtering of user-supplied data and output. An attacker can exploit the vulnerability to execute JavaScript code o...

6.5CVSS6.1AI score0.00616EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/17 12:0 a.m.23 views

Halo cross-site scripting vulnerability (CNVD-2022-08379)

Halo is a personal blogging system for individual developers. Halo suffers from a cross-site scripting vulnerability that originates in Halo, versions v1.0.0 through v1.4.17 latest are susceptible to cross-site scripting XSS stored in the title of a post, which can be exploited by an attacker to...

5.4CVSS5.2AI score0.00708EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.28 views

Jenkins Badge Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...

5.4CVSS5.6AI score0.00839EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/16 12:0 a.m.23 views

Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A cross-site scripting vulnerability exists in Jenkins Matrix Project Plugin in version 1.19 and earlier, which stems...

5.4CVSS5.5AI score0.81842EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.23 views

WordPress Contact Form Entries Plugin Security Vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Contact Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.2.4, which stems from...

6.1CVSS2.2AI score0.0682EPSS
Exploits4References1
Rows per page
Query Builder