
4739 matches found

FreeBSD
added 2021/08/09 12:0 a.m. | 17 views

couchdb -- user privilege escalation

Cory Sabol reports: A malicious user with permission to create documents in a database is able to attach an HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will ...

CVSS 6.8 | AI score 1 | EPSS 0.01187
Exploits 0 | References 1

Huntr
added 2021/08/05 2:10 a.m. | 14 views

Cross-site Scripting (XSS) - Reflected in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through the search form 🕵️‍♂️ Proof of Concept 1. Go to http://site.com/search?form=search&qwidget=%22%3E%3Csvg/onload=alertdocument.domain%3E 2. XSS payload will be executed 💥 Impact An attacker can execute JavaScript code in the website...

AI score 0.6
Exploits 0

CNVD
added 2021/08/03 12:0 a.m. | 18 views

engineercms cross-site scripting vulnerability

engineercms is an open source engineer knowledge management system. Specifically for civil engineers to create a suitable web-based knowledge management system. It can be used to manage both individual project information, but also for managing project team information; it can run on both...

CVSS 5.4 | AI score 3.4 | EPSS 0.0059
Exploits 1 | References 1

Prion
added 2021/08/02 11:15 a.m. | 19 views

Cross site scripting

The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an...

CVSS 3.5 | AI score 4.7 | EPSS 0.00613
Exploits 2 | References 1 | Affected Software 1

Huntr
added 2021/07/31 2:0 p.m. | 9 views

Improper Privilege Management in amirsanni/mini-inventory-and-sales-management-system

💥 BUG unprivileged user can add item 💥 STEP TO REPRODUCE 1. From admin account go to https://1410inc.xyz/mini-inventory-and-sales-management-system/administrators and add new user called user-B with basic role. So, user-B can't add new item. 2. Now go to user-B account and here user-B can't see...

AI score 0.9
Exploits 0

NVD
added 2021/07/30 2:15 p.m. | 10 views

CVE-2021-36605

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...

CVSS 5.4 | EPSS 0.0059
Exploits 1 | References 1

OSV
added 2021/07/30 2:15 p.m. | 12 views

CVE-2021-36605

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser...

CVSS 5.4 | AI score 6.4
Exploits 0 | References 1

CNVD
added 2021/07/29 12:0 a.m. | 21 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technologies from IBM. IBM Jazz Foundation has a cross-site scripting vulnerability that could allow a remote attacker to embed arbitrary JavaScript code in the Web UI to alter the intended functionality,...

CVSS 5.4 | AI score 2.7 | EPSS 0.00495
Exploits 0 | References 1

Prion
added 2021/07/28 1:15 p.m. | 16 views

Cross site scripting

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957...

CVSS 3.5 | AI score 5.1 | EPSS 0.00495
Exploits 0 | References 2 | Affected Software 8

Cvelist
added 2021/07/28 12:25 p.m. | 19 views

CVE-2020-5004

IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957...

CVSS 5.4 | AI score 5.2 | EPSS 0.00495
Exploits 0 | References 2

CNVD
added 2021/07/26 12:0 a.m. | 18 views

EVlink City, EVlink Parking, EVlink Smart Wallbox Information Disclosure Vulnerability

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric France. EVlink City, EVlink Parking, and EVlink Smart Wallbox have an information disclosure vulnerability. The vulnerability stems from the fact that when maliciou...

CVSS 5 | AI score 1.8 | EPSS 0.00951
Exploits 0 | Affected Software 2

Prion
added 2021/07/21 3:15 p.m. | 12 views

Cross site scripting

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output of an anchor (a) tag containing undesirable JavaScript code that can be executed upon user interaction...

CVSS 4.3 | AI score 5.9 | EPSS 0.01164
Exploits 1 | References 3

Prion
added 2021/07/21 3:15 p.m. | 17 views

Information disclosure

A CWE-200: Information Exposure vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker to get...

CVSS 5 | AI score 5.3 | EPSS 0.00951
Exploits 0 | References 1 | Affected Software 6

CNNVD
added 2021/07/21 12:0 a.m. | 4 views

EVlink City, EVlink Parking and EVlink Smart Wallbox Information Disclosure Vulnerability

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric France. EVlink City, EVlink Parking, and EVlink Smart Wallbox have an information disclosure vulnerability. The vulnerability stems from the fact that when maliciou...

CVSS 5.3 | AI score 5.7 | EPSS 0.00951
Exploits 0 | References 2

NVD
added 2021/07/19 4:15 p.m. | 10 views

CVE-2021-20507

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

CVSS 5.4 | EPSS 0.00495
Exploits 0 | References 2

CNVD
added 2021/07/19 12:0 a.m. | 18 views

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57184)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

CVSS 9.6 | AI score 3.6 | EPSS 0.07902
Exploits 1 | References 1

CNVD
added 2021/07/19 12:0 a.m. | 22 views

Advantech R-SeeNet Cross-Site Scripting Vulnerability (CNVD-2021-57185)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the SNMP protocol for monitoring platforms and is available for Linux and Windows platforms. A cross-site scripting vulnerability exists in the devicegraphpage.php script function of...

CVSS 9.6 | AI score 3.6 | EPSS 0.099
Exploits 1 | References 1

wpexploit
added 2021/07/19 12:0 a.m. | 591 views

Photo Gallery < 1.5.79 - Stored XSS via Uploaded SVG in Zip

The plugin did not ensure that uploaded SVG files inside a Zipped archive added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly, i.e. in the...

AI score 0.3
Exploits 0

WPVulnDB
added 2021/07/18 12:0 a.m. | 28 views

Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG

The plugin did not ensure that uploaded SVG files added to a gallery do not contain malicious content. As a result, users allowed to add images to gallery can upload an SVG file containing JavaScript code, which will be executed when accessing the image directly, i.e. in the...

CVSS 4.3 | AI score 6 | EPSS 0.00827
Exploits 2 | Affected Software 1

NVD
added 2021/07/16 11:15 a.m. | 23 views

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user's browser. An attacker can provide a craft...

CVSS 9.6 | EPSS 0.14115
Exploits 1 | References 1