
4739 matches found

Debian CVE
added 2021/11/17 7:15 p.m., 38 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

CVSS 8.2, AI score 6.4, EPSS 0.0147
Exploits: 0

OSV
added 2021/11/17 7:15 p.m., 21 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

CVSS 5.4, AI score 5.2
Exploits: 0, References: 8

Prion
added 2021/11/17 7:15 p.m., 65 views

Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

CVSS 3.5, AI score 6, EPSS 0.01257
Exploits: 0, References: 8, Affected Software: 10

0day.today
added 2021/11/17 12:0 a.m., 425 views

Bludit 3.13.1 - (username) Cross Site Scripting Vulnerability

Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting XSS Exploit Author: Vasu tamilanmkv Vendor Homepage: https://www.bludit.com Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip Version: bludit-3-13-1 Tested on: kali linux CVE : CVE-2021-35323 Steps to reproduce 1. Open...

CVSS 6.1, AI score 6.5, EPSS 0.05621
Exploits: 4

Debian CVE
added 2021/11/17 12:0 a.m., 69 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

CVSS 8.2, AI score 6.4, EPSS 0.01257
Exploits: 0

NVD
added 2021/11/16 10:15 a.m., 13 views

CVE-2021-25984

In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVSS 6.1, EPSS 0.00691
Exploits: 0, References: 2

Vulnrichment
added 2021/11/16 9:45 a.m., 7 views

CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVSS 6.1, AI score 5.9, EPSS 0.00691
Exploits: 0, References: 2

Cvelist
added 2021/11/16 9:45 a.m., 16 views

CVE-2021-25983 FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVSS 6.1, AI score 6.2, EPSS 0.00691
Exploits: 0, References: 2

CNVD
added 2021/11/16 12:0 a.m., 20 views

IBM Tivoli Key Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2021-91634)

IBM Tivoli Key Lifecycle Manager (TKLM) is a set of key lifecycle management software from IBM Corporation in the United States. The software provides key storage, key maintenance, and key lifecycle management for storage devices. IBM Tivoli Key Lifecycle Manager has a security vulnerability that...

CVSS 5.4, AI score 2.1, EPSS 0.00515
Exploits: 0, References: 1

Hacker One
added 2021/11/14 7:42 p.m., 16 views

Mail.ru: stand.pw.mail.ru xss

http://stand.pw.mail.ru:9100/news.php?archive=news&type=last"alert1&page=1 payload is:"alert1 Impact Can steal Cookie, Can run javascript code, and get information sensitive...

AI score 0.5
Exploits: 0

Veracode
added 2021/11/11 1:17 a.m., 8 views

Malicious Package

rc is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...

AI score 2.4
Exploits: 0

Veracode
added 2021/11/11 1:15 a.m., 10 views

Malicious Package

coa is a malicious package. The package contains a preinstall script that would execute malicious Javascript code to steal passwords from various applications...

AI score 2.6
Exploits: 0

CNVD
added 2021/11/10 12:0 a.m., 21 views

WordPress Translate WordPress-Google Language Translator plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. Translate WordPress-Google Language Translator prior to version 6.0.12 suffers from a cross-site scripting vulnerability, which...

CVSS 4.8, AI score 2.1, EPSS 0.00654
Exploits: 2, References: 1

CNVD
added 2021/11/10 12:0 a.m., 17 views

WordPress AddToAny Share Buttons Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress AddToAny Share Buttons plugin in versions prior t...

CVSS 4.8, AI score 4.8, EPSS 0.00654
Exploits: 2, References: 1

CNVD
added 2021/11/10 12:0 a.m., 18 views

WordPress Storefront Footer Text plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Storefront Footer Text plugin in version 1.0.1 an...

CVSS 4.8, AI score 4.9, EPSS 0.00598
Exploits: 2, References: 1

Prion
added 2021/11/08 6:15 p.m., 19 views

Cross site scripting

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that XSS is triggered even when the...

CVSS 6, AI score 7.9, EPSS 0.01241
Exploits: 2, References: 1, Affected Software: 1

Github Security Blog
added 2021/11/08 6:7 p.m., 32 views

Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server)

Impact In certain configurations, Apollo Server serves the client-side web app "GraphQL Playground" from the same web server that executes GraphQL operations. This web app has access to cookies and other credentials associated with the web server's operations. There is a cross-site scripting...

AI score 0.5
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/11/05 12:15 a.m., 19 views

CVE-2021-39906

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

CVSS 6.1, AI score 7.1, EPSS 0.60729
Exploits: 0, References: 3

Debian CVE
added 2021/11/04 11:10 p.m., 27 views

CVE-2021-22260

Removed by vendor...

CVSS 7.7, AI score 6.6, EPSS 0.00912
Exploits: 1

Debian CVE
added 2021/11/04 11:4 p.m., 28 views

CVE-2021-39906

Removed by vendor...

CVSS 8.7, AI score 6.9, EPSS 0.60729
Exploits: 0