Lucene search

4739 matches found

Positive Technologies · added 2021/06/30 12:0 a.m.

PT-2021-5321 · Commvault · Commvault Commcell

Name of the Vulnerable Software and Affected Versions: Commvault CommCell version 11.22.22. Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be...

CVSS 9 · AI score 9 · EPSS 0.05789 · Exploits 0 · References 5
WPVulnDB · added 2021/06/30 12:0 a.m.

Profile Builder < 3.4.8 - Authenticated Stored XSS

The plugin does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high-privilege users to use JavaScript code in it, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue. PoC: As admin, put the followin...

CVSS 3.5 · AI score 1 · EPSS 0.00613 · Exploits 2 · Affected Software 1
NVD · added 2021/06/29 4:15 p.m.

CVE-2021-20477

IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949...

CVSS 5.4 · EPSS 0.00502 · Exploits 0 · References 2
CNVD · added 2021/06/29 12:0 a.m.

IBM Business Process Manager and IBM Cloud Pak for Automation Cross-Site Scripting Vulnerability

IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent...

CVSS 6.4 · AI score 6.1 · EPSS 0.00876 · Exploits 0 · References 1
NVD · added 2021/06/25 6:15 p.m.

CVE-2021-29677

IBM Security Verify Privilege Vault 10.9.66 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 · EPSS 0.00495 · Exploits 0 · References 2
OSV · added 2021/06/24 12:15 p.m.

CVE-2021-33604

URL encoding error in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1) and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a local user to execute arbitrary JavaScript code by opening a crafted URL in a browser...

CVSS 2.5 · AI score 7.1 · EPSS 0.00286 · Exploits 0 · References 2
Cvelist · added 2021/06/24 11:16 a.m.

CVE-2021-33604 Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19

URL encoding error in the development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1) and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows a local user to execute arbitrary JavaScript code by opening a crafted URL in a browser...

CVSS 2.5 · AI score 4.5 · EPSS 0.00286 · Exploits 0 · References 2
NVD · added 2021/06/21 8:15 p.m.

CVE-2021-24378

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high-privilege user to upload a malicious file containing JavaScript code inside an archive, which will execut...

CVSS 4.8 · EPSS 0.00617 · Exploits 2 · References 1
Cvelist · added 2021/06/21 7:18 p.m.

CVE-2021-24378 Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high-privilege user to upload a malicious file containing JavaScript code inside an archive, which will execut...

AI score 6.5 · EPSS 0.00617 · Exploits 2 · References 1
OSV · added 2021/06/21 5:16 p.m.

GHSA-RGX6-RJJ4-C388 ckeditor4 vulnerable to cross-site scripting

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!` is mishandled...

CVSS 6.1 · AI score 5.8 · EPSS 0.03189 · Exploits 0 · References 11
Github Security Blog · added 2021/06/21 5:16 p.m.

ckeditor4 vulnerable to cross-site scripting

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!` is mishandled...

CVSS 6.1 · AI score 5.8 · EPSS 0.03189 · Exploits 0 · References 11 · Affected Software 3
Huntr · added 2021/06/18 12:42 a.m.

Cross-site Scripting (XSS) - Stored in falconchristmas/fpp

Description: fpp is vulnerable to XSS through file name. Proof of Concept: 1. Access /upload. 2. Change the name of an image to .png. 3. Upload it. Impact: JavaScript code execution...

AI score 1.5 · Exploits 0
Huntr · added 2021/06/14 6:15 a.m.

Cross-site Scripting (XSS) - Stored in polonel/trudesk

BUG: Stored XSS bug using file upload against admin. SUMMARY: Here trudesk only allows uploading image files, but this can be bypassed and an attacker can upload an HTML file. As an HTML file can serve any JavaScript code, the attacker can execute any JavaScript code in the victim's trudesk account. IMPACT: low...

AI score 0.2 · Exploits 0
Huntr · added 2021/06/14 2:51 a.m.

Cross-site Scripting (XSS) - Stored in polonel/trudesk

BUG: Stored XSS using fullname. IMPACT: There is no XSS filter present. Using this stored XSS, an external user can attack the admin and execute arbitrary JavaScript code in the victim's account. TESTED VERSION: trudesk 1.1.5. STEPS TO REPRODUCE: 1. First go to...

AI score 1.1 · Exploits 0
OpenVAS · added 2021/06/11 12:0 a.m.

CKEditor 4.0 < 4.16.1 XSS Vulnerability - Windows

CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...

CVSS 6.1 · AI score 6.1 · EPSS 0.03189 · Exploits 0 · References 1
OpenVAS · added 2021/06/11 12:0 a.m.

CKEditor 4.0 < 4.16.1 XSS Vulnerability - Linux

CKEditor is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software...

CVSS 6.1 · AI score 6.1 · EPSS 0.03189 · Exploits 0 · References 1
Prion · added 2021/06/09 3:15 p.m.

Cross site scripting

An error in the URL handler of Bosch IP cameras may lead to a reflected cross-site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user...

CVSS 4.3 · AI score 6 · EPSS 0.00554 · Exploits 0 · References 1
Cvelist · added 2021/06/09 2:18 p.m.

CVE-2021-23848 Reflected XSS in URL handler

An error in the URL handler of Bosch IP cameras may lead to a reflected cross-site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user...

CVSS 8.3 · AI score 7.8 · EPSS 0.00554 · Exploits 0 · References 1
NVD · added 2021/06/09 2:15 p.m.

CVE-2021-31832

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

CVSS 5.2 · EPSS 0.00503 · Exploits 0 · References 1
OSV · added 2021/06/09 12:15 p.m.

CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!` is mishandled...

CVSS 6.1 · AI score 5.4 · Exploits 0 · References 6