Lucene search

4739 matches found

Tenable Nessus
added 2021/10/13 12:0 a.m. | 23 views

FreeBSD : couchdb -- user privilege escalation (a7dd4c2d-77e4-46de-81a2-c453c317f9de)

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will...

6.8 CVSS | 6.2 AI score | 0.01187 EPSS
Exploits 0 | References 3

CNVD
added 2021/10/13 12:0 a.m. | 19 views

WordPress Simple Social Media Share Buttons plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in versions of WordPress Simple Social Media Share Buttons plugin prior...

4.8 CVSS | 2.2 AI score | 0.00598 EPSS
Exploits 2 | References 1

0day.today
added 2021/10/13 12:0 a.m. | 321 views

myfactory.FMS 7.1-911 Cross Site Scripting Vulnerability

Cross-Site Scripting in myfactory.FMS: During a penetration test, a reflected cross-site scripting vulnerability (XSS) was found in the myfactory.FMS login form. If a user opens an attacker-prepared link to the application, attackers can run arbitrary JavaScript code in the user's browser. Details...

6.1 CVSS | 6.3 AI score | 0.05832 EPSS
Exploits 4

CNVD
added 2021/10/12 12:0 a.m. | 11 views

Opensis Cross-Site Scripting Vulnerability (CNVD-2021-101538)

openSIS is a free and open source student information system/school management software. openSIS version 8.0 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to inject and execute JavaScript code via the linkurl parameter in Ajaxurlencode.php...

6.1 CVSS | 4.5 AI score | 0.02998 EPSS
Exploits 1 | References 1

NVD
added 2021/10/11 1:15 p.m. | 12 views

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

6.1 CVSS | 0.02998 EPSS
Exploits 1 | References 1

OSV
added 2021/10/11 1:15 p.m. | 15 views

CVE-2021-40542

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the linkurl parameter in Ajaxurlencode.php...

6.1 CVSS | 6.6 AI score
Exploits 0 | References 1

Tenable Nessus
added 2021/10/10 12:0 a.m. | 35 views

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3325-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3325-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page (basic XSS) in management UI (bsc1187818). -...

7.5 CVSS | 6.2 AI score | 0.01437 EPSS
Exploits 2 | References 11

CNVD
added 2021/10/09 12:0 a.m. | 22 views

IBM Sterling File Gateway Cross-Site Scripting Vulnerability (CNVD-2021-78438)

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners. IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0.1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...

6.1 CVSS | 3.1 AI score | 0.00616 EPSS
Exploits 0 | References 1

CNVD
added 2021/10/09 12:0 a.m. | 6 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2021-88192)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in IBM Sterling B...

5.4 CVSS | 6.2 AI score | 0.00445 EPSS
Exploits 0 | References 1

CNVD
added 2021/10/09 12:0 a.m. | 19 views

Zammad Cross-Site Scripting Vulnerability (CNVD-2021-81956)

Zammad is a Web-based open source help desk/customer support system. An attacker could upload an attachment to a "work order" via an "article", which could be exploited to inject malicious JavaScript code...

3.5 CVSS | 1.6 AI score | 0.00503 EPSS
Exploits 0 | Affected Software 1

CNVD
added 2021/10/08 12:0 a.m. | 17 views

Esri Portal for ArcGIS Cross-Site Scripting Vulnerability

Esri Portal for ArcGIS is a Web-oriented, enterprise-class software platform for providing geolocation services from Esri, Inc. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS 10.9 and prior versions, which stems from the application's lack of validation of user input and...

6.1 CVSS | 3.6 AI score | 0.0072 EPSS
Exploits 0 | References 1

CNVD
added 2021/10/08 12:0 a.m. | 17 views

Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83615)

Spotweb is a PHP-based Spotnet client that follows the Spotnet protocol from the Spotweb team. Spotweb 1.5.1 and previous versions have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

4.3 CVSS | 4.3 AI score | 0.02204 EPSS
Exploits 1 | Affected Software 1

CNVD
added 2021/10/08 12:0 a.m. | 12 views

Spotweb Cross-Site Scripting Vulnerability (CNVD-2021-83612)

Spotweb is a PHP-based Spotnet client that follows the Spotnet protocol from the Spotweb team. Spotweb 1.5.1 and previous versions have a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...

4.3 CVSS | 4.3 AI score | 0.02214 EPSS
Exploits 1 | Affected Software 1

Prion
added 2021/10/07 6:15 p.m. | 19 views

Cross site scripting

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM...

3.5 CVSS | 5.2 AI score | 0.00445 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2021/10/05 2:15 p.m. | 32 views

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

7.3 CVSS | 0.00951 EPSS
Exploits 0 | References 3

OSV
added 2021/10/05 2:15 p.m. | 28 views

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

4.8 CVSS | 6.3 AI score | 0.00951 EPSS
Exploits 0 | References 3

UbuntuCve
added 2021/10/05 2:15 p.m. | 30 views

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

7.3 CVSS | 6.9 AI score | 0.00951 EPSS
Exploits 0 | References 4

Prion
added 2021/10/05 2:15 p.m. | 16 views

Cross site scripting

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

3.5 CVSS | 4.9 AI score | 0.00951 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2021/10/05 1:59 p.m. | 38 views

CVE-2021-22261

A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...

7.3 CVSS | 6.8 AI score | 0.00951 EPSS
Exploits 0 | References 3

Debian CVE
added 2021/10/05 1:59 p.m. | 22 views

CVE-2021-22261

Removed by vendor...

7.3 CVSS | 6.5 AI score | 0.00951 EPSS
Exploits 0