Lucene search

4739 matches found

OSV
added 2021/10/05 1:15 p.m., 26 views

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

5.4 CVSS, 6.1 AI score, 0.0078 EPSS
Exploits 0, References 3

UbuntuCve
added 2021/10/05 1:15 p.m., 22 views

CVE-2021-39878

A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code...

5.8 CVSS, 6.2 AI score, 0.0078 EPSS
Exploits 0, References 4

Debian CVE
added 2021/10/05 12:17 p.m., 17 views

CVE-2021-39878

Removed by vendor...

5.8 CVSS, 6.1 AI score, 0.0078 EPSS
Exploits 0

OSV
added 2021/10/05 12:15 p.m., 20 views

CVE-2021-39887

A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf...

5.4 CVSS, 6.1 AI score, 0.00837 EPSS
Exploits 0, References 3

WPVulnDB
added 2021/10/05 12:00 a.m., 17 views

Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail

The plugin does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. Given that the XSS is triggered even when the Download is in a review state, contributor could ma...

9 CVSS, 1 AI score, 0.01241 EPSS
Exploits 2, Affected Software 1

NVD
added 2021/10/04 5:15 p.m., 13 views

CVE-2021-39885

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious...

8.7 CVSS, 0.00951 EPSS
Exploits 1, References 3

Prion
added 2021/10/04 5:15 p.m., 19 views

Cross site scripting

A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious...

3.5 CVSS, 5.8 AI score, 0.00951 EPSS
Exploits 1, References 3, Affected Software 1

Debian CVE
added 2021/10/04 4:33 p.m., 51 views

CVE-2021-39885

Removed by vendor...

8.7 CVSS, 6 AI score, 0.00951 EPSS
Exploits 1

NVD
added 2021/10/04 12:15 p.m., 23 views

CVE-2021-41878

A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

6.1 CVSS, 0.09912 EPSS
Exploits 4, References 3

Cvelist
added 2021/10/04 11:58 a.m., 28 views

CVE-2021-41878

A reflected cross-site scripting XSS vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button...

6 AI score, 0.09912 EPSS
Exploits 4, References 3

CVE
added 2021/10/04 11:58 a.m., 143 views

CVE-2021-41878

CVE-2021-41878 affects i-Panel Administration System 2.0. A reflected cross-site scripting (XSS) flaw allows remote attackers to execute arbitrary JavaScript in the browser-based web console. PoCs show crafted URLs (e.g., /lostpassword.php/…) injecting script; multiple public writeups and exploit...

6.1 CVSS, 5.8 AI score, 0.09912 EPSS
Exploits 4, References 3, Affected Software 1

CNNVD
added 2021/10/04 12:00 a.m., 6 views

i-Panel Administration System Cross-Site Scripting Vulnerability

The i-Panel Administration System is a management system. A cross-site scripting vulnerability exists in i-Panel Administration System version 2.0, which can be exploited by a remote attacker to execute arbitrary JavaScript code in a browser-based web console...

6.1 CVSS, 6.5 AI score, 0.09912 EPSS
Exploits 4, References 6

NVD
added 2021/10/01 3:15 p.m., 17 views

CVE-2021-29109

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1 CVSS, 0.0072 EPSS
Exploits 0, References 1

Cvelist
added 2021/10/01 2:51 p.m., 16 views

CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1 CVSS, 6.4 AI score, 0.0072 EPSS
Exploits 0, References 1

Vulnrichment
added 2021/10/01 2:51 p.m., 8 views

CVE-2021-29109 A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1 CVSS, 6.6 AI score, 0.0072 EPSS
Exploits 0, References 1

Veracode
added 2021/09/30 7:48 a.m., 19 views

Cross-site Scripting (XSS)

zoneminder:edge is vulnerable to denial of service. Stored XSS in the Filters page Name field in ZoneMinder allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page...

5.4 CVSS, 4 AI score, 0.00863 EPSS
Exploits 1, References 3, Affected Software 1

Tenable Nessus
added 2021/09/30 12:00 a.m., 31 views

SUSE SLES15 Security Update : rabbitmq-server (SUSE-SU-2021:3254-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3254-1 advisory. - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page basic XSS in management UI bsc1187818. -...

7.5 CVSS, 6.2 AI score, 0.01437 EPSS
Exploits 2, References 11

CNVD
added 2021/09/24 12:00 a.m., 16 views

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-94310)

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

6.4 CVSS, 3.6 AI score, 0.0048 EPSS
Exploits 0, References 1

CNVD
added 2021/09/24 12:00 a.m., 23 views

IBM Jazz for Service Management Cross-Site Scripting Vulnerability (CNVD-2021-99674)

Jazz is IBM Rational's next-generation collaboration platform for software delivery technology. The Jazz platform has been carefully designed and developed specifically for global and geographically diverse teams, and will change the way people collaborate to build software - improving the...

6.4 CVSS, 5.5 AI score, 0.0048 EPSS
Exploits 0, References 1

CNVD
added 2021/09/24 12:00 a.m., 19 views

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-94312)

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

6.4 CVSS, 2.7 AI score, 0.0048 EPSS
Exploits 0, References 1