4739 matches found

CNVD
added 2021/05/25 12:0 a.m. · 20 views

Project Worlds Online Examination System Cross-Site Scripting Vulnerability

Project Worlds Online Examination System is an online examination system. Version 1.0 of ProjectWorlds College Management System is vulnerable to cross-site scripting, which could be exploited to inject and execute malicious JavaScript code and steal user credentials...

CVSS 6.1 · AI score 4.4 · EPSS 0.00685
Exploits 0 · References 1

CNVD
added 2021/05/20 12:0 a.m. · 9 views

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2021-36549)

IBM Maximo Asset Management is a comprehensive solution for asset-intensive industries to manage corporate physical assets through a common platform. A cross-site scripting vulnerability exists in IBM Maximo Asset Management versions 7.6.0, 7.6.1. The vulnerability can be exploited by a user to...

CVSS 6.5 · AI score 5.9 · EPSS 0.00515
Exploits 0 · References 1

OSV
added 2021/05/17 9:1 p.m. · 18 views

GHSA-VH59-V9R5-4MH4 Cross-site scripting in jspdf

Affected versions of this package are vulnerable to cross-site scripting (XSS). It's possible to inject JavaScript code via the html method...

CVSS 6.1 · AI score 6.1 · EPSS 0.00968
Exploits 1 · References 10

Positive Technologies
added 2021/05/14 12:0 a.m. · 8 views

PT-2021-3535 · WordPress · Kaswara Modern Vc Addons

Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1

Description: The issue is related to unlimited file upload of dangerous types. Exploitation can allow a remote attacker to upload and execute arbitrary files. The vulnerability allows...

CVSS 9.8 · AI score 9.4 · EPSS 0.4214
Exploits 3 · References 9

Prion
added 2021/05/13 9:15 p.m. · 14 views

Design/Logic Flaw

The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...

CVSS 4.3 · AI score 5.9 · EPSS 0.01416
Exploits 1 · References 3 · Affected Software 1

NVD
added 2021/05/10 5:15 p.m. · 18 views

CVE-2021-20577

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 6.1 · EPSS 0.00606
Exploits 0 · References 2

GitHub Security Blog
added 2021/05/10 3:36 p.m. · 43 views

Command Injection in @theia/messages

In Eclipse Theia versions up to and including 0.16.0, there is no HTML escaping in the notification messages, so JavaScript code can run...

CVSS 6.1 · AI score 2.1 · EPSS 0.00776
Exploits 1 · References 5 · Affected Software 1

CNVD
added 2021/05/10 12:0 a.m. · 7 views

IBM Control Desk Cross-Site Scripting Vulnerability

IBM Control Desk is an application from IBM USA. It provides automated service management and seamlessly integrated, best-practice-based service desk functionality. IBM Smart Cloud Control Desk suffers from a cross-site scripting vulnerability that originates from allowing a user to embed arbitrary JavaScrip...

CVSS 5.4 · AI score 6.1 · EPSS 0.00495
Exploits 0 · References 1

CNVD
added 2021/05/10 12:0 a.m. · 8 views

IBM Cloud Pak for Security Cross-Site Scripting Vulnerability (CNVD-2021-34348)

IBM Cloud Pak for Security is an application from IBM America, Inc. It is an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. A cross-site scripting vulnerability exists in IBM Cloud Pak for Security versions...

CVSS 9.1 · AI score 6.1 · EPSS 0.00737
Exploits 0 · References 1

NVD
added 2021/05/06 10:15 p.m. · 17 views

CVE-2020-23263

Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1 · EPSS 0.00844
Exploits 0 · References 1

OSV
added 2021/05/06 10:15 p.m. · 15 views

CVE-2020-23263

Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

CVSS 6.1 · AI score 6.8
Exploits 0 · References 1

Cvelist
added 2021/05/06 9:42 p.m. · 16 views

CVE-2020-23263

Persistent cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigationtitle" parameter and the "title" parameter in /private/en/pages/add...

AI score 6.3 · EPSS 0.00844
Exploits 0 · References 1

CNVD
added 2021/05/06 12:0 a.m. · 5 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2021-36080)

QRadar SIEM is an IBM enterprise security information and event management product that consolidates log event and network flow data from thousands of devices, endpoints and applications scattered across the network. A cross-site scripting vulnerability exists in IBM QRadar SIEM versions 7.3 and...

CVSS 5.4 · AI score 5.9 · EPSS 0.00495
Exploits 0 · References 1

CNVD
added 2021/05/06 12:0 a.m. · 6 views

IBM FlashSystem 900 Cross-Site Scripting Vulnerability

IBM FlashSystem 900 is a software application from IBM, USA. Provides a subtle delay. A cross-site scripting vulnerability exists in IBM FlashSystem 900 versions 1.5.2.9 and 1.6.1.3 that allows an attacker to alter the intended functionality by embedding arbitrary JavaScript code in the Web UI,...

CVSS 6.4 · AI score 6 · EPSS 0.00495
Exploits 0 · References 1

CNVD
added 2021/05/06 12:0 a.m. · 8 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2021-40869)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site...

CVSS 6.1 · AI score 6 · EPSS 0.00653
Exploits 0 · References 1

Prion
added 2021/04/30 12:15 p.m. · 13 views

Cross site scripting

A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing...

CVSS 4.3 · AI score 6.1 · EPSS 0.00981
Exploits 0 · References 1 · Affected Software 1

Prion
added 2021/04/28 2:15 p.m. · 12 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field 'Budget Title'...

CVSS 3.5 · AI score 5.2 · EPSS 0.00482
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2021/04/28 1:36 p.m. · 16 views

CVE-2021-29388

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable field 'Budget Title'...

AI score 5.4 · EPSS 0.00482
Exploits 0 · References 2

CNVD
added 2021/04/28 12:0 a.m. · 6 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2021-32635)

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator version 3.0.CD. An attacker can exploit the vulnerability to embed arbitra...

CVSS 5.4 · AI score 5.8 · EPSS 0.00495
Exploits 0 · References 1

CNVD
added 2021/04/28 12:0 a.m. · 4 views

IBM Content Navigator Cross-Site Scripting Vulnerability (CNVD-2021-32634)

IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator version 3.0.CD. An attacker can exploit the vulnerability to embed arbitra...

CVSS 5.4 · AI score 5.8 · EPSS 0.00495
Exploits 0 · References 1