
4739 matches found

Prion
added 2021/09/23 6:15 p.m., 18 views

Cross site scripting

IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 3.5, AI score 5.2, EPSS 0.0048
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/09/23 6:5 p.m., 22 views

CVE-2021-29810

IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.4, AI score 5.4, EPSS 0.0048
Exploits: 0, References: 2

Cvelist
added 2021/09/23 5:10 p.m., 21 views

CVE-2021-20484

IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4, AI score 5.3, EPSS 0.0048
Exploits: 0, References: 2

CNVD
added 2021/09/22 12:0 a.m., 11 views

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI Cross-Site Scripting Vulnerability (CNVD-2021-101977)

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI are both products of IBM Corporation, U.S.A. IBM Jazz for Service Management is an integrated service management product that provides visibility into the service management environment. IBM Tivoli Netcool/OMNIbusGUI is a graphical...

CVSS 5.4, AI score 2.7, EPSS 0.00522
Exploits: 0, References: 1

Prion
added 2021/09/20 5:15 p.m., 9 views

Cross site scripting

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 3.5, AI score 5.2, EPSS 0.00522
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/09/20 4:45 p.m., 8 views

CVE-2021-29819

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4, AI score 5.4, EPSS 0.00522
Exploits: 0, References: 2

NVD
added 2021/09/15 1:15 p.m., 13 views

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

CVSS 6.1, EPSS 0.0108
Exploits: 1, References: 2

Apple
added 2021/09/15 12:0 a.m., 102 views

About the security content of iTunes U 3.8.3

About the security content of iTunes U 3.8.3 This document describes the security content of iTunes U 3.8.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 6.1, AI score 6.6, EPSS 0.01797
Exploits: 1, References: 1, Affected Software: 1

Hacker One
added 2021/09/14 2:50 a.m., 12 views

Judge.me : Blind XSS via Feedback form.

Summary: Hi Team, I found Blind XSS which is triggered on the admin panel. I was trying to add widgets on the installation page for default theme. When the installation was done, I saw a question like that Are you happy with how everything looks?. I clicked the No, please remove all widgets butto...

AI score 6.1
Exploits: 0

Huntr
added 2021/09/11 5:32 a.m., 13 views

Cross-site Scripting (XSS) - Stored in alanaktion/phproject

✍️ Description: stored XSS via SVG file upload. 🕵️‍♂️ Proof of Concept: Here I use the demo site https://demo.phproject.org. 1. First go to any project and upload an SVG file https://github.com/ranjit-git/poc/blob/master/evilsvgfile.svg. 2. Now open this SVG file using a URL like...

AI score 7.4
Exploits: 0

OSV
added 2021/09/09 5:11 p.m., 14 views

GHSA-JF9V-Q8VH-3FMC Cross-site scripting in ICEcoder

In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET 'replace' variable. As a result, arbitrary JavaScript code can get executed...

CVSS 5.4, AI score 5.3, EPSS 0.00859
Exploits: 1, References: 5

GitHub Security Blog
added 2021/09/09 5:8 p.m., 52 views

Cross-site Scripting in LibreNMS

In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...

CVSS 5.4, AI score 2.9, EPSS 0.00753
Exploits: 0, References: 5, Affected Software: 1

Snyk
added 2021/09/09 2:29 p.m., 1 view

Arbitrary File Upload

Overview: plupload is a JavaScript API for building file uploaders. It supports multiple file selection, file filtering, chunked upload, client-side image downsizing and, when necessary, can fall back to alternative runtimes, like Flash and Silverlight. Affected versions of this package a...

CVSS 8.8, AI score 7, EPSS 0.00993
Exploits: 0, References: 2

CNVD
added 2021/09/09 12:0 a.m., 19 views

LibreNMS Cross-Site Scripting Vulnerability (CNVD-2021-93896)

LibreNMS is a PHP/MYSQL/SNMP-based open source monitoring tool. A stored cross-site scripting vulnerability exists in API access pages in versions of LibreNMS prior to 21.3.0. The vulnerability stems from insufficient validation of the $api-description variable. An attacker could use this...

CVSS 5.4, AI score 4.9, EPSS 0.00753
Exploits: 0, References: 1

Prion
added 2021/09/08 6:15 p.m., 21 views

Cross site scripting

In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...

CVSS 3.5, AI score 5.2, EPSS 0.00753
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2021/09/08 5:12 p.m., 19 views

CVE-2021-31274

In LibreNMS description variable. As a result, arbitrary Javascript code can get executed...

AI score 5.4, EPSS 0.00753
Exploits: 0, References: 3

CNVD
added 2021/09/08 12:0 a.m., 11 views

WordPress plugin Picture Gallery 'Edit Content URL' cross-site scripting vulnerability

WordPress is a blogging platform based on the PHP language that can be used to host websites on servers that support PHP and MySQL databases, and can also be used as a content management system CMS. WordPress plugin Picture Gallery 'Edit Content URL' has a cross-site scripting vulnerability that...

AI score 1
Exploits: 0, Affected Software: 1

Fortinet
added 2021/09/07 12:0 a.m., 38 views

Protect

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browser context...

AI score 6.8, EPSS 0.00356
Exploits: 0, Affected Software: 1

Huntr
added 2021/09/06 1:20 p.m., 13 views

Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver

✍️ Description XSS payload is triggered during editing and saving text included near the payment button. 🕵️‍♂️ Proof of Concept " In the app, settings try editing already included product. drop the payload in the Buy Button Text and save it hence the payload will be triggered. 💥 Impact Execution of...

CVSS 4.3, AI score 0.3, EPSS 0.00746
Exploits: 1

NVD
added 2021/09/05 2:15 p.m., 10 views

CVE-2021-23439

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file)...

CVSS 6.1, EPSS 0.00893
Exploits: 0, References: 3