Lucene search

4739 matches found

CNVD
added 2021/04/28 12:0 a.m. | 5 views

Unisys Data Exchange Management Studio Cross-Site Scripting Vulnerability

Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...

CVSS 5.4 | AI score 6.1 | EPSS 0.00466
Exploits: 0 | References: 1

0day.today
added 2021/04/27 12:0 a.m. | 70 views

Apache Druid 0.20.0 Remote Command Execution Exploit

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...

CVSS 8.8 | AI score 9 | EPSS 0.99217
Exploits: 7

Metasploit
added 2021/04/26 5:42 p.m. | 210 views

Apache Druid 0.20.0 Remote Command Execution

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript...

CVSS 9 | AI score 9 | EPSS 0.99217
Exploits: 7

Github Security Blog
added 2021/04/20 4:31 p.m. | 58 views

Cross-site scripting in SiCKRAGE

In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

CVSS 5.4 | AI score 2.9 | EPSS 0.0066
Exploits: 1 | References: 5 | Affected Software: 1

CNVD
added 2021/04/20 12:0 a.m. | 6 views

IBM Edge Cross-Site Scripting Vulnerability

IBM Edge Application Manager is an application from IBM Corporation, USA. It provides powerful solutions to address the need to deliver enterprise computing power at the edge of the cloud, closer to where the data is created and at the edge of the enterprise where action needs to be taken. A...

CVSS 5.4 | AI score 6 | EPSS 0.00502
Exploits: 0 | References: 1

NVD
added 2021/04/14 2:15 p.m. | 16 views

CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application...

CVSS 6.1 | EPSS 0.97461
Exploits: 1 | References: 1

Cvelist
added 2021/04/14 1:55 p.m. | 18 views

CVE-2021-26812

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject JavaScript code to be run by the application...

AI score 6.2 | EPSS 0.97461
Exploits: 1 | References: 1

CNVD
added 2021/04/13 12:0 a.m. | 8 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-32643)

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

CVSS 6.4 | AI score 6 | EPSS 0.0062
Exploits: 0 | References: 1

CNVD
added 2021/04/13 12:0 a.m. | 10 views

IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-32645)

IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...

CVSS 5.4 | AI score 6 | EPSS 0.0062
Exploits: 0 | References: 1

Vulnrichment
added 2021/04/12 1:48 p.m. | 3 views

CVE-2021-25925

In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...

AI score 6.3 | EPSS 0.0066
Exploits: 1 | References: 2

CNVD
added 2021/04/09 12:0 a.m. | 9 views

Cisco Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A security vulnerability exists ...

CVSS 6.1 | AI score 6.1 | EPSS 0.00823
Exploits: 0 | References: 1

NVD
added 2021/04/08 12:15 p.m. | 7 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

CVSS 5.4 | EPSS 0.00734
Exploits: 1 | References: 3

Cvelist
added 2021/04/08 11:16 a.m. | 9 views

CVE-2021-30111

A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...

AI score 5.5 | EPSS 0.00734
Exploits: 1 | References: 3

NVD
added 2021/04/08 11:15 a.m. | 18 views

CVE-2021-3012

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

CVSS 5.4 | EPSS 0.00662
Exploits: 1 | References: 1

Prion
added 2021/04/08 11:15 a.m. | 24 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

CVSS 3.5 | AI score 5 | EPSS 0.00662
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/04/08 10:15 a.m. | 19 views

CVE-2021-3012

A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror in the URL field of the Parameters tab...

AI score 5.3 | EPSS 0.00662
Exploits: 1 | References: 1

0day.today
added 2021/04/08 12:0 a.m. | 32 views

CMSimple 5.2 - (External) Stored XSS Vulnerability

Exploit Title: CMSimple 5.2 - 'External' Stored XSS; Exploit Author: Quadron Research Lab; Version: CMSimple 5.2; Tested on: Windows 10 x64 HUN/ENG Professional; Vendor: https://www.cmsimple.org/en/. Description: The CMSimple 5.2 allow stored XSS via the Settings CMS Filebrowser "External:" input field...

AI score 0.4
Exploits: 0

CNVD
added 2021/04/07 12:0 a.m. | 11 views

Seafile Cross-Site Scripting Vulnerability

Seafile is an open source, cross-platform file hosting software system. A cross-site scripting vulnerability exists in Seafile 7.0.5. The vulnerability can be exploited to inject and execute malicious JavaScript code via the "shared library feature"...

CVSS 5.4 | AI score 6.2 | EPSS 0.00853
Exploits: 1 | References: 1

GithubExploit
added 2021/04/06 9:16 a.m. | 125 views

Exploit for Cross-site Scripting in Seafile

CVE-2021-30146 Seafile 7.0.5 Persistent XSS Suggested descri...

CVSS 5.4 | AI score 5.2 | EPSS 0.00853
Exploits: 1

CNVD
added 2021/04/06 12:0 a.m. | 7 views

IBM InfoSphere Information Server Cross-Site Scripting Vulnerability (CNVD-2021-26139)

IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4 | AI score 6 | EPSS 0.00502
Exploits: 0 | References: 1