
4739 matches found

OSV
added 2021/04/05 7:15 p.m., 5 views

CVE-2021-24203

In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget includes/widgets/divider.php accepts an ‘htmltag’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified...

CVSS 5.4 | AI score 5.8 | EPSS 0.00746
Exploits 2 | References 2

NVD
added 2021/04/05 7:15 p.m., 17 views

CVE-2021-24211

The WordPress Related Posts plugin through 3.6.4 contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that, an attacker will be able to execute JavaScript code in the user's browser...

CVSS 5.4 | EPSS 0.00628
Exploits 2 | References 1

Cvelist
added 2021/04/05 4:20 p.m., 12 views

CVE-2020-4997

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192914...

CVSS 5.4 | AI score 5.2 | EPSS 0.00502
Exploits 0 | References 2

Cvelist
added 2021/04/02 5:49 p.m., 37 views

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

AI score 8.6 | EPSS 0.02738
Exploits 0 | References 3

CVE
added 2021/04/02 5:49 p.m., 97 views

CVE-2021-1748

CVE-2021-1748: A validation issue in processing a URL was fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. The vulnerability could allow arbitrary javascript execution when handling a malicious URL. Connected Apple advisories (HT212149/HT212148/HT212146) confirm the affected platforms a...

CVSS 8.8 | AI score 7.6 | EPSS 0.02738
Exploits 0 | References 3 | Affected Software 4

FreeBSD
added 2021/04/01 12:0 a.m., 32 views

mdbook -- XSS in mdBook's search page

Rust Security Response Working Group reports: The search feature of mdBook introduced in version 0.1.4 was affected by a cross site scripting vulnerability that allowed an attacker to execute arbitrary JavaScript code on a user's browser by tricking the user into typing a malicious search query,...

CVSS 8.2 | AI score 1.5 | EPSS 0.01254
Exploits 0 | References 5

CNVD
added 2021/03/31 12:0 a.m., 7 views

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-24461)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...

CVSS 5.4 | AI score 6.1 | EPSS 0.00502
Exploits 0 | References 1

CNVD
added 2021/03/31 12:0 a.m., 7 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-31964)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI, which c...

CVSS 5.4 | AI score 6.1 | EPSS 0.00502
Exploits 0 | References 1

CNVD
added 2021/03/31 12:0 a.m., 10 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-31963)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI, which c...

CVSS 5.4 | AI score 6.1 | EPSS 0.00502
Exploits 0 | References 1

CNVD
added 2021/03/31 12:0 a.m., 8 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-31960)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI, which c...

CVSS 5.4 | AI score 6.1 | EPSS 0.00502
Exploits 0 | References 1

NVD
added 2021/03/30 5:15 p.m., 17 views

CVE-2021-20504

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231...

CVSS 5.4 | EPSS 0.00502
Exploits 0 | References 2

Prion
added 2021/03/30 5:15 p.m., 16 views

Cross site scripting

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198572...

CVSS 3.5 | AI score 5.1 | EPSS 0.00502
Exploits 0 | References 2 | Affected Software 5

CNVD
added 2021/03/29 12:0 a.m., 4 views

Nokia NetAct 18A Filename Change Code Execution Vulnerability

Nokia NetAct 18A is an application system from NOKIA, Finland. It provides best-in-class applications for seamless day-to-day network operations, including configuration management, monitoring and software management. A security vulnerability exists in Nokia NetAct 18A that allows an attacker to...

CVSS 5.4 | AI score 6.8 | EPSS 0.00737
Exploits 1 | References 1

Packet Storm
added 2021/03/29 12:0 a.m., 365 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 3.5 | EPSS 0.03008
Exploits 5

Exploit DB
added 2021/03/29 12:0 a.m., 299 views

Concrete5 8.5.4 - 'name' Stored XSS

Exploit Title: Concrete5 8.5.4 - 'name' Stored XSS Date: 2021-01 Exploit Author: Quadron Research Lab Version: Concrete5 8.5.4 Tested on: Windows 10 x64 HUN/ENG Professional Vendor: Concrete5 CMS https://www.concrete5.org CVE: CVE-2021-3111 Suggested description The Express Entries Dashboard...

CVSS 4.8 | AI score 5.6 | EPSS 0.03008
Exploits 5

Veracode
added 2021/03/26 3:53 a.m., 18 views

Server Side Request Forgery (SSRF)

MITREid Connect is vulnerable to Server Side Request Forgery (SSRF). An attacker is able to request any URL accessible from the authorization server and display its content, leading to a Server Side Request Forgery attack via the logouri parameter during the registration process. Moreover, a lack of...

CVSS 9.1 | AI score 1.7 | EPSS 0.01494
Exploits 1 | References 3 | Affected Software 1

CNVD
added 2021/03/26 12:0 a.m., 7 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2021-23380)

Revive Adserver is an open source ad server under the GNU General Public License with an integrated banner management interface and a tracking system for collecting statistical information. A reflected cross-site scripting vulnerability exists in the status parameter in...

CVSS 6.1 | AI score 6.1 | EPSS 0.19811
Exploits 1 | References 1

NVD
added 2021/03/25 8:15 p.m., 14 views

CVE-2021-22889

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...

CVSS 6.1 | EPSS 0.3633
Exploits 1 | References 3

OSV
added 2021/03/25 8:15 p.m., 14 views

CVE-2021-22888

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the status parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScri...

CVSS 6.1 | AI score 6
Exploits 0 | References 3

Cvelist
added 2021/03/25 7:40 p.m., 22 views

CVE-2021-22889

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the statsBreakdown parameter of stats.php and possibly other scripts due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking...

AI score 6.3 | EPSS 0.3633
Exploits 1 | References 3