
4739 matches found

NVD
added 2021/03/25 7:15 p.m. | 26 views

CVE-2021-26596

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

CVSS: 5.4 | EPSS: 0.00737
Exploits: 1 | References: 2

Prion
added 2021/03/25 7:15 p.m. | 17 views

Code injection

An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that...

CVSS: 3.5 | AI score: 5.5 | EPSS: 0.00737
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2021/03/25 6:56 p.m. | 51 views

CVE-2021-26596

The CVE-2021-26596 entry concerns Nokia NetAct 18A. A vulnerability exists where a malicious user can change the filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The attack is typically delivered by placing the malicious content...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00737
Exploits: 1 | References: 2 | Affected Software: 1

RedHat Linux
added 2021/03/22 8:10 a.m. | 4 views

pki-core: Stored XSS in TPS profile creation

A flaw was found in the pki-core's Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00764
Exploits: 0 | References: 4

Veracode
added 2021/03/22 5:07 a.m. | 5 views

Cross-site Scripting (XSS)

eZ Platform Kernel is vulnerable to Cross-site Scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser by uploading malicious .html and .js files...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00398
Exploits: 0 | References: 4 | Affected Software: 2

CNVD
added 2021/03/19 12:00 a.m. | 9 views

Eclipse Theia Injection Vulnerability

Eclipse Theia is the Eclipse Foundation's open source, Visual Studio Code-based framework for building integrated development environments for desktop and Web applications. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...

CVSS: 6.1 | AI score: 7 | EPSS: 0.00776
Exploits: 1 | References: 1

seebug.org
added 2021/03/19 12:00 a.m. | 105 views

MyBB Unauthenticated RCE Vulnerability (CVE-2021-27889 CVE-2021-27890)

MyBB Remote Code Execution Chain BY SIMON SCANNELL & CARL SMITH Today SonarSource is pleased to share with you a guest contribution to our Code Security blog series. The following blog post is authored by Simon Scannell and Carl Smith -two independent security researchers- joining us in sharing...

CVSS: 6.8 | AI score: 0.4 | EPSS: 0.1059
Exploits: 10

NVD
added 2021/03/18 3:15 p.m. | 15 views

CVE-2021-24136

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...

CVSS: 5.4 | EPSS: 0.00822
Exploits: 2 | References: 1

Prion
added 2021/03/18 3:15 p.m. | 19 views

Cross site scripting

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.00658
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/18 2:57 p.m. | 12 views

CVE-2021-24136 Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...

AI score: 5.7 | EPSS: 0.00822
Exploits: 2 | References: 1

WPVulnDB
added 2021/03/16 12:00 a.m. | 6 views

Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS

The plugin was being actively exploited, allowing low privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...

AI score: 3.9
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/03/12 10:15 p.m. | 13 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

CVSS: 6.1 | EPSS: 0.00776
Exploits: 1 | References: 1

NVD
added 2021/03/12 10:15 p.m. | 22 views

CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

CVSS: 6.1 | EPSS: 0.00708
Exploits: 1 | References: 1

OSV
added 2021/03/12 10:15 p.m. | 11 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

CVSS: 6.1 | AI score: 6.8
Exploits: 0 | References: 1

Prion
added 2021/03/12 10:15 p.m. | 14 views

Design/Logic Flaw

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00776
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/12 9:40 p.m. | 22 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

AI score: 6.4 | EPSS: 0.00776
Exploits: 1 | References: 1

Cvelist
added 2021/03/12 9:40 p.m. | 33 views

CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

AI score: 6.5 | EPSS: 0.00708
Exploits: 1 | References: 1

CVE
added 2021/03/12 9:40 p.m. | 76 views

CVE-2021-28161

The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00708
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2021/03/11 12:00 a.m. | 8 views

IBM Tivoli Netcool/OMNIbus_GUI cross-site scripting vulnerability (CNVD-2021-17193)

IBM Tivoli Netcool/OMNIbusGUI is a graphical user interface for the IBM Tivoli Netcool/OMNIbus service level management system from IBM USA. A security vulnerability exists in IBM Tivoli Netcool/OMNIbusGUI that allows a user to embed arbitrary JavaScript code in the Web UI that could change the...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.95922
Exploits: 11 | References: 1

Veracode
added 2021/03/08 2:35 a.m. | 23 views

Cross-Site Scripting (XSS)

Apache Superset is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript code in a user's browser by creating a div section embedded with a malicious svg element...

CVSS: 5.4 | AI score: 4.9 | EPSS: 0.86393
Exploits: 0 | References: 2 | Affected Software: 2