4739 matches found

NVD
added 2022/01/13 10:15 p.m. | 16 views

CVE-2021-34994

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...

CVSS 8.8 | EPSS 0.05789
Exploits: 0 | References: 1
Cvelist
added 2022/01/13 9:44 p.m. | 25 views

CVE-2021-34994

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...

CVSS 8.8 | AI score 9.2 | EPSS 0.05789
Exploits: 0 | References: 1
NVD
added 2022/01/13 5:15 p.m. | 17 views

CVE-2022-22123

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary JavaScript code that will execute on a victim’s server...

CVSS 5.4 | EPSS 0.00708
Exploits: 1 | References: 3
NVD
added 2022/01/13 5:15 p.m. | 13 views

CVE-2022-22125

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary JavaScript code that will execute on a victim’s server...

CVSS 4.8 | EPSS 0.00828
Exploits: 1 | References: 3
Cvelist
added 2022/01/13 4:45 p.m. | 15 views

CVE-2022-22125 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Tag

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary JavaScript code that will execute on a victim’s server...

CVSS 4.8 | AI score 5 | EPSS 0.00828
Exploits: 1 | References: 3
Cvelist
added 2022/01/13 4:45 p.m. | 24 views

CVE-2022-22123 Halo CMS - Stored Cross-Site Scripting (XSS) in Article's Title

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article title. An authenticated attacker can inject arbitrary JavaScript code that will execute on a victim’s server...

CVSS 5.4 | AI score 5.4 | EPSS 0.00708
Exploits: 1 | References: 3
OSV
added 2022/01/12 1:15 p.m. | 5 views

CVE-2021-44649

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 2
Prion
added 2022/01/12 1:15 p.m. | 17 views

Cross site scripting

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

CVSS 3.5 | AI score 5.4 | EPSS 0.00617
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2022/01/10 4:15 p.m. | 15 views

CVE-2022-22116

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low privileged attacker can inject arbitrary JavaScript code which will be executed in a victim’s browser when they open the image...

CVSS 5.4 | EPSS 0.00633
Exploits: 1 | References: 2
Cvelist
added 2022/01/10 3:26 p.m. | 24 views

CVE-2022-22116 Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload

In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability via SVG file upload in the media upload functionality. A low privileged attacker can inject arbitrary JavaScript code which will be executed in a victim’s browser when they open the image...

CVSS 5.4 | AI score 5.3 | EPSS 0.00633
Exploits: 1 | References: 2
CNVD
added 2022/01/08 12:0 a.m. | 14 views

Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)

Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation. Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...

CVSS 6.1 | AI score 3.4 | EPSS 0.02327
Exploits: 0 | References: 1
Github Security Blog
added 2022/01/06 6:32 p.m. | 33 views

AjaxNetProfessional deserializes arbitrary JavaScript objects

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the possibility of deserialization of arbitrary JavaScript objects. Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise...

CVSS 8.7 | AI score 5.8 | EPSS 0.00824
Exploits: 0 | References: 5 | Affected Software: 1
Malwarebytes
added 2022/01/06 11:59 a.m. | 15 views

Card skimmers strike Sotheby’s in Brightcove supply chain attack

Over 100 real estate websites have been compromised by the same web skimmer in a supply chain attack. So what happened? On Monday, January 3, Palo Alto said it had found a supply chain attack that used a cloud video platform to distribute skimmer campaigns. The attacker injected the skimmer’s...

AI score 0.3
Exploits: 0
CNVD
added 2022/01/06 12:0 a.m. | 12 views

Latte Cross-Site Scripting Vulnerability

Latte is a template engine for Nette Foundation's PHP. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...

CVSS 8.2 | AI score 3.2 | EPSS 0.00817
Exploits: 0 | References: 1
CNVD
added 2022/01/06 12:0 a.m. | 26 views

WordPress CRM Form Entries Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress CRM Form Entries Plugin has a cross-site scripting vulnerability in versions prior to 1.1.7, which ste...

CVSS 6.1 | AI score 1.4 | EPSS 0.842
Exploits: 5 | References: 1
CNVD
added 2021/12/30 12:0 a.m. | 12 views

ifme Cross-Site Scripting Vulnerability

Ifme is an open source mental health experience community that encourages people to share their personal stories with trusted allies. Ifme suffers from a cross-site scripting vulnerability in versions v7.22.0 through v7.31.4, which stems from a lack of checksum filtering of user-supplied data and...

CVSS 5.4 | AI score 5.3 | EPSS 0.00615
Exploits: 1 | References: 1
CNVD
added 2021/12/29 12:0 a.m. | 12 views

SAFARI Montage Cross-Site Scripting Vulnerability

SAFARI Montage is a formative assessment tool from safarimontage that enables teachers to check students' understanding of topics or concepts during the course. A cross-site scripting vulnerability exists in SAFARI Montage versions 8.3 and 8.5, which can be exploited by an attacker to execute...

CVSS 6.1 | AI score 5.9 | EPSS 0.03394
Exploits: 4 | References: 1
CNVD
added 2021/12/29 12:0 a.m. | 19 views

NUUO Network Video Recorder NVRsolo Cross-Site Scripting Vulnerability

NUUO Network Video Recorder NVR is a network video recorder from NUUO, Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo version 3.9.1, which stems from the lack of effective filtering and escaping of user-submitted request parameters, and can be...

CVSS 6.1 | AI score 6 | EPSS 0.008
Exploits: 1 | References: 1
CNVD
added 2021/12/28 12:0 a.m. | 13 views

IBM OPENBMC Cross-Site Scripting Vulnerability

IBM OPENBMC is a POWER8 and POWER9 emulator from International Business Machines Corporation (IBM). IBM OPENBMC has a cross-site scripting vulnerability in version OP910 that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability...

CVSS 6.1 | AI score 6 | EPSS 0.00632
Exploits: 0 | References: 1
CNVD
added 2021/12/28 12:0 a.m. | 14 views

WordPress Tickera plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Tickera plugin in versions prior to 3.4.8.3 suffers from a cross-site scripting vulnerability, which stems from a...

CVSS 6.1 | AI score 1.5 | EPSS 0.01167
Exploits: 2 | References: 1