Lucene search
K

4739 matches found

Cvelist
Cvelist
added 2021/07/16 10:37 a.m.20 views

CVE-2021-21803

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

9.6CVSS6.6AI score0.07902EPSS
Exploits1References1
CVE
CVE
added 2021/07/16 10:37 a.m.93 views

CVE-2021-21803

Advantech R‑SeeNet’s device_graph_page.php has multiple reflected XSS vulnerabilities (CVE-2021-21803) via parameters such as is2sim, graph, and device_id. Exploitation can execute arbitrary JavaScript in the victim’s browser, even without authentication. Affected version noted in sources around ...

9.6CVSS6.4AI score0.07902EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/07/16 10:33 a.m.22 views

CVE-2021-21800

Cross-site scripting vulnerabilities exist in the sshform.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a craft...

9.6CVSS6.7AI score0.14115EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/07/16 12:0 a.m.8 views

PT-2021-14786 · Advantech · Advantech R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet affected versions not specified Description: The issue is related to the device graph page.php script in Advantech R-SeeNet web applications. It allows an attacker to execute arbitrary JavaScript code by crafting a special...

9.6CVSS7.8AI score0.07902EPSS
Exploits1References2
NVD
NVD
added 2021/07/15 5:15 p.m.12 views

CVE-2021-3043

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...

7.5CVSS0.00634EPSS
Exploits0References1
Prion
Prion
added 2021/07/15 5:15 p.m.17 views

Cross site scripting

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...

3.5CVSS5.1AI score0.00634EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/15 4:45 p.m.18 views

CVE-2021-3043 Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...

7.5CVSS7AI score0.00634EPSS
Exploits0References1
Palo Alto Networks
Palo Alto Networks
added 2021/07/14 4:0 p.m.63 views

Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console

A reflected cross-site scripting XSS vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versio...

7.5CVSS2.7AI score0.00634EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/14 12:0 a.m.16 views

IBM Cloud Pak for Applications Cross-Site Scripting Vulnerability (CNVD-2022-05115)

IBM Cloud Pak for Applications is an application from IBM of America, Inc. providing cloud-native development solutions that deliver rapid value. IBM Cloud Pak for Applications has a cross-site scripting vulnerability that stems from the application's IBM Cloud Pak being vulnerable to cross-site...

5.4CVSS2.2AI score0.00498EPSS
Exploits0References1
Prion
Prion
added 2021/07/13 11:15 a.m.18 views

Cross site scripting

A vulnerability has been identified in Teamcenter Active Workspace V4 All versions V4.3.9, Teamcenter Active Workspace V5.0 All versions V5.0.7, Teamcenter Active Workspace V5.1 All versions V5.1.4. A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected...

4.3CVSS5.9AI score0.00583EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2021/07/13 12:0 a.m.10 views

IBM Tivoli Netcool/OMNIbus Web GUI Cross-Site Scripting Vulnerability (CNVD-2021-57448)

IBM Tivoli Netcool/OMNIbus is a service level management SLM system that provides real-time, centralized monitoring of complex networks and IT domains. web GUI is the web-based application version of the system that displays event data from multiple data sources in a variety of graphical formats ...

5.4CVSS2.2AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2021/07/12 4:15 p.m.11 views

CVE-2021-29804

IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 20426...

6.4CVSS0.00495EPSS
Exploits0References2
Prion
Prion
added 2021/07/12 4:15 p.m.5 views

Cross site scripting

IBM Tivoli Netcool/OMNIbusGUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 20426...

3.5CVSS5.1AI score0.00495EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/07/11 2:15 a.m.23 views

Cross site scripting

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

4.3CVSS6.2AI score0.00744EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/11 1:16 a.m.15 views

CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1CVSS6.4AI score0.00744EPSS
Exploits0References1
NVD
NVD
added 2021/07/10 3:15 p.m.10 views

CVE-2021-29106

A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1CVSS0.00688EPSS
Exploits0References1
Prion
Prion
added 2021/07/10 3:15 p.m.18 views

Cross site scripting

A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

4.3CVSS4.9AI score0.00688EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/07/10 2:26 p.m.8 views

CVE-2021-29106 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

4.7CVSS6.1AI score0.00688EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/07/10 2:26 p.m.16 views

CVE-2021-29106 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XSS vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

4.7CVSS6.1AI score0.00688EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/07/01 12:0 a.m.16 views

Leaflet Map < 3.0.0 - Contributor+ Stored XSS

The plugin does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues PoC Most of the shortcode attributes are not escaped, so these are just one of them: leaflet-map...

3.5CVSS0.8AI score0.00624EPSS
Exploits2Affected Software1
Rows per page
Query Builder