4739 matches found

Github Security Blog
added 2021/12/02 5:52 p.m. | 34 views

Cross-site Scripting in pekeupload

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...

CVSS 6.1 | AI score 3.2 | EPSS 0.00813
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2021/12/01 12:0 a.m. | 18 views

Hexo cross-site scripting vulnerability

Hexo is a fast, simple and powerful blogging framework from the personal developer Tommy Chen in China. Hexo suffers from a cross-site scripting vulnerability that stems from Hexo's lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to...

CVSS 5 | AI score 3 | EPSS 0.00328
Exploits: 0 | References: 1

CNVD
added 2021/11/30 12:0 a.m. | 21 views

WordPress Stylish Cost Calculator plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Stylish Cost Calculator plugin, which stems...

CVSS 5.4 | AI score 1.3 | EPSS 0.00307
Exploits: 2 | References: 1

WPVulnDB
added 2021/11/30 12:0 a.m. | 32 views

LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting

The plugin does not escape the qcres parameter before outputting it back in the JS code of an admin page, leading to a Reflected Cross-Site Scripting. PoC: As admin, enter the following payload in the Domain Key setting of the plugin: Then open...

CVSS 4.8 | AI score 0.1 | EPSS 0.00654
Exploits: 2 | References: 1 | Affected Software: 1

CNVD
added 2021/11/23 12:0 a.m. | 24 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90754)

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

CVSS 6.1 | AI score 4 | EPSS 0.01261
Exploits: 3 | References: 1

NVD
added 2021/11/22 5:15 p.m. | 24 views

CVE-2021-23673

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...

CVSS 6.1 | EPSS 0.00813
Exploits: 1 | References: 2

Cvelist
added 2021/11/22 5:0 p.m. | 34 views

CVE-2021-23673 Cross-site Scripting (XSS)

This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed...

CVSS 5.4 | AI score 6.5 | EPSS 0.00813
Exploits: 1 | References: 2

CVE
added 2021/11/22 5:0 p.m. | 38 views

CVE-2021-23673

CVE-2021-23673 affects all versions of the jQuery plugin pekeupload. An attacker can induce a user to upload a file whose name contains JavaScript, which will be executed in the user’s browser, enabling a Cross-site Scripting (XSS) attack. The vulnerability is documented across multiple sources ...

CVSS 6.1 | AI score 5.9 | EPSS 0.00813
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2021/11/22 9:15 a.m. | 14 views

CVE-2021-38377

OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results...

CVSS 6.1 | EPSS 0.01119
Exploits: 3 | References: 3

CNVD
added 2021/11/21 12:0 a.m. | 20 views

WordPress My Tickets plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress My Tickets plugin in versions prior to 1.8.31 suffers from a cross-site scripting vulnerability...

CVSS 6.1 | AI score 1.6 | EPSS 0.01167
Exploits: 2 | References: 1

CNVD
added 2021/11/21 12:0 a.m. | 16 views

WordPress QR Redirector plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress QR Redirector plugin in versions prior to 1.6.1,...

CVSS 5.4 | AI score 5.2 | EPSS 0.00604
Exploits: 2 | References: 1

CNVD
added 2021/11/21 12:0 a.m. | 23 views

WordPress Sprout Invoices plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Sprout Invoices plugin has a cross-site scripting vulnerability in versions prior to 19.9.7, whic...

CVSS 4.8 | AI score 1.6 | EPSS 0.00598
Exploits: 2 | References: 1

CNVD
added 2021/11/21 12:0 a.m. | 20 views

WordPress Accept Donations with PayPal plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress Accept Donations with PayPal plugin has a cross-site scripting vulnerability in versions prior to 1.3.2, which stems...

CVSS 4.8 | AI score 2.2 | EPSS 0.00598
Exploits: 2 | References: 1

CNVD
added 2021/11/21 12:0 a.m. | 21 views

SmarterMail Cross-Site Scripting Vulnerability

SmarterMail is a mail server software from Smartertools, Inc. The software supports spam filtering, statistics, and simple mail transfer protocol SMTP authentication. SmarterMail has a cross-site scripting vulnerability in 16.x through 100.x. The vulnerability stems from a lack of data validation...

CVSS 6.1 | AI score 1.7 | EPSS 0.00568
Exploits: 0 | References: 1

Tenable Nessus
added 2021/11/18 12:0 a.m. | 50 views

Drupal 8.9.x < 8.9.20 / 9.1.x < 9.1.14 / 9.2.x < 9.2.9 Multiple Vulnerabilities (drupal-2021-11-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple vulnerabilities. - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions...

CVSS 8.2 | AI score 6.5 | EPSS 0.0147
Exploits: 0 | References: 13

OSV
added 2021/11/17 9:55 p.m. | 29 views

GHSA-PVMX-G8H5-CPRJ Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed to inject malforme...

CVSS 8.2 | AI score 6.2 | EPSS 0.01257
Exploits: 0 | References: 10

OSV
added 2021/11/17 8:15 p.m. | 23 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

CVSS 5.4 | AI score 5.2
Exploits: 0 | References: 6

UbuntuCve
added 2021/11/17 8:15 p.m. | 30 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

CVSS 8.2 | AI score 6.7 | EPSS 0.0147
Exploits: 0 | References: 5

Prion
added 2021/11/17 8:15 p.m. | 22 views

Design/Logic Flaw

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

CVSS 3.5 | AI score 5.7 | EPSS 0.0147
Exploits: 0 | References: 6 | Affected Software: 9

Cvelist
added 2021/11/17 7:15 p.m. | 23 views

CVE-2021-41165 HTML comments vulnerability allowing to execute JavaScript code

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

CVSS 8.2 | AI score 8 | EPSS 0.0147
Exploits: 0 | References: 6