
Prion, added 2021/09/05 2:15 p.m., 11 views

Design/Logic Flaw

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

CVSS 4.3, AI score 6.1, EPSS 0.00893
Exploits 0, References 3, Affected Software 1
Cvelist, added 2021/09/05 2:10 p.m., 14 views

CVE-2021-23439 Cross-site Scripting (XSS)

This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded; a user needs to be tricked into uploading such a file...

CVSS 4.2, AI score 6.4, EPSS 0.00893
Exploits 0, References 3
Github Security Blog, added 2021/09/01 6:40 p.m., 41 views

XSS vulnerability on password reset page

Impact: For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute JavaScript code. The attacker would be required to convince or trick the target into clicking a password...

CVSS 6.3, AI score 0.5, EPSS 0.04086
Exploits 0, References 5, Affected Software 1
NVD, added 2021/09/01 5:15 p.m., 23 views

CVE-2021-29852

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528...

CVSS 5.4, EPSS 0.00532
Exploits 0, References 2
Huntr, added 2021/08/29 2:39 p.m., 12 views

Cross-site Scripting (XSS) - Stored in zmister2016/mrdoc

✍️ Description: A stored XSS bug allows execution of arbitrary JavaScript code in the victim's account. 🕵️‍♂️ Proof of Concept: 1. First create a document and put the below XSS payload inside the document content .\ xss"''\ 2. Now, when any user views this document project, the XSS is executed. VIDEO POC --...

AI score 0.9
Exploits 0
OSV, added 2021/08/25 8:56 p.m., 15 views

GHSA-GX5W-RRHP-F436 XSS in mdBook

This is a cross-post of the official security advisory [ml]. The official post contains a signed version with our PGP key, as well. [ml]: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

CVSS 8.2, AI score 6.9, EPSS 0.01254
Exploits 0, References 7
NVD, added 2021/08/24 7:15 p.m., 9 views

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution...

CVSS 6.1, EPSS 0.01797
Exploits 1, References 1
Prion, added 2021/08/24 7:15 p.m., 20 views

Input validation

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution...

CVSS 4.3, AI score 6, EPSS 0.01797
Exploits 1, References 1, Affected Software 1
CVE, added 2021/08/24 6:49 p.m., 117 views

CVE-2021-30862

CVE-2021-30862 affects Apple iTunes U prior to version 3.8.3. It is due to a validation/input sanitization issue that can allow processing of a malicious URL to trigger arbitrary JavaScript code execution. Apple patched this in iTunes U 3.8.3 (HT212809). The vulnerability impacts the iTunes U com...

CVSS 6.1, AI score 6, EPSS 0.01797
Exploits 1, References 1, Affected Software 1
Huntr, added 2021/08/24 5:08 p.m., 17 views

Cross-site Scripting (XSS) - Stored in yourls/yourls

✍️ Description: Stored XSS. 🕵️‍♂️ Proof of Concept: Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing 💥 Impact: Stored XSS allows execution of arbitrary JavaScript code...

CVSS 3.5, AI score 0.8, EPSS 0.00697
Exploits 1
CNVD, added 2021/08/21 12:00 a.m., 15 views

rConfig Cross-Site Scripting Vulnerability (CNVD-2021-102379)

rConfig is an open source network configuration management utility. rConfig version 3.9.5 contains a cross-site scripting vulnerability that can be exploited by remote attackers to execute arbitrary JavaScript code by entering a specific payload and saving it...

CVSS 5.4, AI score 4.5, EPSS 0.02006
Exploits 1, References 1
Veracode, added 2021/08/19 8:55 a.m., 30 views

Command Injection

CKEditor 4 Fake Objects contains a command injection vulnerability. The vulnerability allowed injection of malformed Fake Objects HTML, which could result in executing JavaScript code...

CVSS 7.3, AI score 1.4, EPSS 0.01324
Exploits 0, References 12, Affected Software 1
Cvelist, added 2021/08/16 10:48 a.m., 18 views

CVE-2021-24410 Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS

The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 lacks any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged-in admin change the settings, as well as add malicious verses...

AI score 6.2, EPSS 0.00412
Exploits 2, References 1
WPVulnDB, added 2021/08/16 12:00 a.m., 13 views

Email Artillery <= 4.1 - CSRF to Stored XSS

The plugin does not sanitise, validate or escape its settings, and lacks any CSRF check before saving them. As a result, an attacker could make a logged-in admin change them and insert malicious JavaScript code as well, leading to Stored Cross-Site Scripting issues. PoC...

AI score 1.4
Exploits 0, Affected Software 1
Huntr, added 2021/08/13 3:19 p.m., 11 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description: This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept: 1. Edit metadata with Audacity: 2. Create a new playlist that contains this file. 3. Vote an album 1 and then open "Informations" - "Most rated" 2: 💥 Impact: By uploading an mp3 with JavaScript code in the meta...

AI score 1.5
Exploits 0
Huntr, added 2021/08/13 3:08 p.m., 9 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description: This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept: 1. Edit metadata with Audacity: 2. Create a new playlist that contains this file. 3. Open "New" 1 under the "Information" menu: 💥 Impact: By uploading an mp3 with JavaScript code in the meta tag, an attacker could permit an...

AI score 1.2
Exploits 0
Debian CVE, added 2021/08/12 11:10 p.m., 26 views

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 Fake Objects package. The vulnerability allowed injection of malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

CVSS 7.3, AI score 6.1, EPSS 0.01324
Exploits 0
NVD, added 2021/08/12 5:15 p.m., 16 views

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 7.6, EPSS 0.01192
Exploits 0, References 7
OSV, added 2021/08/12 5:15 p.m., 31 views

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 5.4, AI score 6.2
Exploits 0, References 7
Cvelist, added 2021/08/12 4:25 p.m., 58 views

CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 7.6, AI score 6.8, EPSS 0.01192
Exploits 0, References 7