
4739 matches found

UbuntuCve
added 2021/06/09 12:15 p.m., 39 views

CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVSS 6.1, AI score 6.7, EPSS 0.03189
Exploits 0, References 5
Prion
added 2021/06/09 12:15 p.m., 21 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVSS 4.3, AI score 5.7, EPSS 0.03189
Exploits 0, References 6, Affected Software 4
Debian CVE
added 2021/06/09 11:51 a.m., 35 views

CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVSS 6.1, AI score 6, EPSS 0.03189
Exploits 0
OpenVAS
added 2021/06/09 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2020:14290-1)

The remote host is missing an update for the ...

CVSS 8.8, AI score 9.1, EPSS 0.02274
Exploits 0, References 5
OSV
added 2021/06/08 1:15 p.m., 14 views

CVE-2021-32106

In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET['replace'] variable. As a result, arbitrary JavaScript code can get executed...

CVSS 5.4, AI score 6.2
Exploits 0, References 3
CVE
added 2021/06/08 12:40 p.m., 76 views

CVE-2021-32106

CVE-2021-32106 affects ICEcoder 8.0. The connected documents describe a reflected XSS in the multipe-results.php page caused by insufficient sanitization of the GET['replace'] parameter, allowing arbitrary JavaScript code execution. The vulnerability is documented across multiple feeds (NVD, Red ...

CVSS 5.4, AI score 5.3, EPSS 0.00859
Exploits 1, References 3, Affected Software 1
Cvelist
added 2021/06/08 12:40 p.m., 15 views

CVE-2021-32106

In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the GET['replace'] variable. As a result, arbitrary JavaScript code can get executed...

AI score 5.6, EPSS 0.00859
Exploits 1, References 3
CNVD
added 2021/06/04 12:0 a.m., 6 views

McAfee Database Security Cross-Site Scripting Vulnerability

McAfee Database Security Server is a database security software from McAfee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...

CVSS 5.9, AI score 6.8, EPSS 0.00501
Exploits 0, References 1
NVD
added 2021/06/03 11:15 a.m., 13 views

CVE-2021-31830

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized...

CVSS 5.9, EPSS 0.00501
Exploits 0, References 1
CNVD
added 2021/06/03 12:0 a.m., 4 views

IBM Engineering Lifecycle Optimization - Engineering Insights Cross-Site Scripting Vulnerability

IBM Engineering Lifecycle Optimization - Engineering Insights is a collaborative Web-based application that unlocks engineering data from a variety of lifecycle management applications to give you the information you need to make the best engineering decisions. A cross-site scripting vulnerabilit...

CVSS 5.4, AI score 5.8, EPSS 0.00495
Exploits 0, References 1
CNVD
added 2021/06/03 12:0 a.m., 3 views

IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-39248)

IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management version 7.0.0, 7.0.1. An...

CVSS 5.4, AI score 6, EPSS 0.00495
Exploits 0, References 1
CNVD
added 2021/06/03 12:0 a.m., 6 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2021-40858)

IBM Engineering Lifecycle Optimization (ELO) is an extension of the Engineering Lifecycle Management (ELM) portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

CVSS 5.4, AI score 5.9, EPSS 0.00495
Exploits 0, References 1
CVE
added 2021/06/02 8:40 p.m., 68 views

CVE-2021-29670

CVE-2021-29670 is a cross-site scripting vulnerability affecting IBM Jazz Foundation and IBM Engineering products (including Engineering Insights, DOORS Next, RQM, ETM, EWM, ELN, etc.). The issue allows an attacker to embed arbitrary JavaScript in the Web UI, potentially altering functionality an...

CVSS 5.4, AI score 5.5, EPSS 0.00495
Exploits 0, References 2, Affected Software 9
CVE
added 2021/06/02 8:40 p.m., 67 views

CVE-2021-29668

CVE-2021-29668 is a cross-site scripting (XSS) vulnerability affecting IBM Jazz Foundation and IBM Engineering products (ELM/DOORS Next/RQM/ETM/ENI/RMM/etc.). The WEB UI fails to validate user-supplied data, allowing an attacker to inject JavaScript and potentially disclose credentials within a t...

CVSS 5.4, AI score 5.5, EPSS 0.00495
Exploits 0, References 2, Affected Software 9
CNVD
added 2021/06/02 12:0 a.m., 6 views

IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2021-38770)

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...

CVSS 5.4, AI score 6, EPSS 0.0096
Exploits 0, References 1
CNVD
added 2021/06/01 12:0 a.m., 5 views

IBM WebSphere eXtreme Scale Cross-Site Scripting Vulnerability (CNVD-2021-39671)

IBM WebSphere eXtreme Scale is a resilient, highly scalable in-memory data grid from IBM USA. It can provide predictable responsiveness to meet exponential demands on data. IBM WebSphere eXtreme Scale Liberty suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary...

AI score 6.1
Exploits 0, References 1
CNVD
added 2021/05/31 12:0 a.m., 7 views

1 CDN Cross-Site Scripting Vulnerability

1CDN is an open source file sharing software. A cross-site scripting vulnerability exists in versions prior to 1CDN f88a2730fa50fc2c2aeab09011f6f142fd90ec25. An attacker can exploit this vulnerability to inject ///code and execute JavaScript code on the client side...

CVSS 8.1, AI score 6.2, EPSS 0.00716
Exploits 0, References 1
NVD
added 2021/05/26 10:15 p.m., 18 views

CVE-2021-3486

GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code...

CVSS 6.1, EPSS 0.01391
Exploits 1, References 3
Prion
added 2021/05/26 10:15 p.m., 20 views

Code injection

GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execute JavaScript code...

CVSS 4.3, AI score 6, EPSS 0.01391
Exploits 1, References 3, Affected Software 1
CVE
added 2021/05/26 9:33 p.m., 72 views

CVE-2021-3486

CVE-2021-3486 relates to GLPI 9.5.4 where metadata is not sanitized, enabling stored XSS in plugins and execution of JavaScript in the user’s browser. The root cause is lack of proper sanitation in the metadata handling. The description provides the affected software (GLPI 9.5.4) and the impact (...

CVSS 6.1, AI score 6, EPSS 0.01391
Exploits 1, References 3, Affected Software 1