
4739 matches found

CNVD
added 2021/12/18 12:00 a.m. | 13 views

WordPress Shiny Buttons plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Shiny Buttons is an open source WordPress plugin. The WordPress Shiny Buttons plugin in version 1.1.0...

CVSS 6.1 | AI score 1.9 | EPSS 0.01167
Exploits 2 | References 1

CNVD
added 2021/12/18 12:00 a.m. | 16 views

WordPress Lets-Box Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. Lets-Box Plugin is an open source WordPress plugin. WordPress Lets-Box Plugin has a cross-site scripting vulnerability in versions prior to 1.15.3, which stems from the Lets-Box Plugin'...

CVSS 6.1 | AI score 1.3 | EPSS 0.00729
Exploits 0 | References 1

Prion
added 2021/12/17 5:15 p.m. | 17 views

Cross site scripting

IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to...

CVSS 3.5 | AI score 5.2 | EPSS 0.0048
Exploits 0 | References 2 | Affected Software 2

Ivan 'd0znpp' Novikov
added 2021/12/16 10:38 a.m. | 13 views

What is Clickjacking? Definition and Prevention Techniques

Advanced attackers are constantly developing their techniques to evade detection. They can overlay a seemingly harmless web page with an invisible layer containing malicious links. This method of attack, known as clickjacking, could make you activate your webcam or transfer money...

AI score 6.6
Exploits 0

Huntr
added 2021/12/12 5:19 p.m. | 11 views

Cross-site Scripting (XSS) - Stored in tsolucio/corebos

Description: Stored XSS via file upload with format .xml in the Product module. When opening the attachment, some file formats will be rendered and loaded in the browser. So it allows executing arbitrary JavaScript code that was injected into the attachment before. Proof of Concept: alertdocument.domain;...

AI score 0.1
Exploits 0

CNVD
added 2021/12/12 12:00 a.m. | 12 views

ZZZCMS Cross-Site Scripting Vulnerability

ZZZCMS is a content management system (CMS) from the ZZZCMS team in China. ZZZCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...

CVSS 5.4 | AI score 3.4 | EPSS 0.00562
Exploits 1 | References 1

CNVD
added 2021/12/12 12:00 a.m. | 12 views

Gryphon Tower Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of validation and filtering of user-supplied data and output data in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...

CVSS 6.1 | AI score 1.8 | EPSS 0.02557
Exploits 1 | References 1

Huntr
added 2021/12/09 11:14 a.m. | 37 views

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

Description: Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization. Proof of Concept: 1. Start a new web conference and share the link with other people. 2. A malicious user joins the conference with the following username: 3. As soon as the...

CVSS 4.3 | AI score 2.2 | EPSS 0.0089
Exploits 1 | References 1

CNVD
added 2021/12/09 12:00 a.m. | 16 views

WordPress Email Log plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...

CVSS 6.1 | AI score 2.2 | EPSS 0.008
Exploits 2 | References 1

NVD
added 2021/12/08 12:15 p.m. | 12 views

CVE-2021-41029

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests...

CVSS 6.4 | EPSS 0.00515
Exploits 0 | References 1

Vulnrichment
added 2021/12/08 11:53 a.m. | 13 views

CVE-2021-42752

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim's host via crafted HTTP requests...

CVSS 5.4 | AI score 7.2 | EPSS 0.00515
Exploits 0 | References 1

Prion
added 2021/12/07 11:15 a.m. | 13 views

Cross site scripting

A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (feature services only) may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary...

CVSS 4.3 | AI score 6 | EPSS 0.00784
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2021/12/07 12:00 a.m. | 5 views

Unspecified Vulnerability in Plupload

Plupload is a cross-browser, multi-runtime file upload API. A security vulnerability exists in versions of plupload prior to 2.3.9 that allows an attacker to upload and run files containing JavaScript code...

CVSS 8.8 | AI score 6.6 | EPSS 0.00993
Exploits 0 | References 1

Fortinet
added 2021/12/07 12:00 a.m. | 17 views

FortiWeb - Reflected cross-site scripting in error controllers

Multiple improper neutralization of input during web page generation ('Cross-site Scripting', CWE-79) issues in FortiWeb may allow an unauthenticated user to inject malicious JavaScript code into the response webpage via crafted requests to the device's error handlers...

CVSS 4.3 | AI score 6.5 | EPSS 0.00652
Exploits 0 | Affected Software 1

CNVD
added 2021/12/06 12:00 a.m. | 19 views

IBM Cognos Analytics Information Disclosure Vulnerability (CNVD-2021-95138)

IBM Cognos Analytics is a business intelligence software from IBM Corporation. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has a security vulnerability...

CVSS 6.1 | AI score 1.8 | EPSS 0.009
Exploits 0 | References 1

CNVD
added 2021/12/04 12:00 a.m. | 21 views

Crafter CMS Cross-Site Scripting Vulnerability

Crafter CMS is an open source content management system (CMS) for digital experience applications. A cross-site scripting vulnerability exists in Crafter CMS, which stems from a lack of validation and filtering of user-supplied data and output. An attacker with a Site role could exploit the...

CVSS 6.5 | AI score 2.3 | EPSS 0.0043
Exploits 0 | References 1

NVD
added 2021/12/03 8:15 p.m. | 19 views

CVE-2021-23562

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...

CVSS 8.8 | EPSS 0.00993
Exploits 0 | References 6

CVE
added 2021/12/03 8:00 p.m. | 71 views

CVE-2021-23562

This CVE affects the plupload package prior to v2.3.9. The vulnerability allows a file name containing JavaScript code to be uploaded and executed, requiring social engineering to entice a user to upload such a file. The root cause is insufficient validation of uploaded file names that may contai...

CVSS 8.8 | AI score 6.3 | EPSS 0.00993
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2021/12/03 8:00 p.m. | 20 views

CVE-2021-23562 Arbitrary File Upload

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file...

CVSS 4.2 | AI score 8.9 | EPSS 0.00993
Exploits 0 | References 6

OSV
added 2021/12/03 5:15 p.m. | 2 views

CVE-2021-20493

IBM Cognos Analytics 11.1.7 and 11.2.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794...

CVSS 6.1 | AI score 6.2 | EPSS 0.009
Exploits 0 | References 3