
4739 matches found

NVD
added 2021/03/05 9:15 p.m., 15 views

CVE-2020-29029

Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...

7.3 CVSS, 0.00777 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/03/05 7:10 p.m., 20 views

CVE-2020-29028 Reflected XSS issues

Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary JavaScript code. This issue affects: Secomea GateManager all versions prior to 9.4...

6.3 CVSS, 6 AI score, 0.00651 EPSS
Exploits: 0, References: 1

NVD
added 2021/03/05 12:15 p.m., 12 views

CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action in the context of the user's browser. The...

5.4 CVSS, 0.86393 EPSS
Exploits: 0, References: 1

OSV
added 2021/03/05 12:15 p.m., 15 views

CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action in the context of the user's browser. The...

5.4 CVSS, 5.5 AI score
Exploits: 0, References: 1

Prion
added 2021/03/05 12:15 p.m., 33 views

Cross site scripting

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action in the context of the user's browser. The...

3.5 CVSS, 5.5 AI score, 0.86393 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2021/03/05 11:35 a.m., 16 views

CVE-2021-27907 Apache Superset stored XSS on Dashboard markdown

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject JavaScript code executing unwanted action in the context of the user's browser. The...

5.7 AI score, 0.86393 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/05 12:0 a.m., 11 views

IBM Engineering Test Management Cross-Site Scripting Vulnerability (CNVD-2021-14749)

IBM Engineering Test Management is a collaborative quality management solution that provides end-to-end test planning and test asset management with broad coverage from requirements to defects. A cross-site scripting vulnerability exists in IBM Engineering Test Management. An attacker could explo...

6.4 CVSS, 6 AI score, 0.00539 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/05 12:0 a.m., 9 views

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)

IBM Engineering Workflow Management (EWM) is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

5.4 CVSS, 6 AI score, 0.00539 EPSS
Exploits: 0, References: 1

Prion
added 2021/03/04 7:15 p.m., 21 views

Cross site scripting

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...

3.5 CVSS, 5.1 AI score, 0.00539 EPSS
Exploits: 0, References: 2, Affected Software: 7

Cvelist
added 2021/03/04 7:5 p.m., 22 views

CVE-2021-20351

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708...

5.4 CVSS, 5.3 AI score, 0.00541 EPSS
Exploits: 0, References: 2

Cvelist
added 2021/03/04 7:5 p.m., 30 views

CVE-2020-4975

IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435...

5.4 CVSS, 5.2 AI score, 0.00539 EPSS
Exploits: 0, References: 2

CNVD
added 2021/03/02 12:0 a.m., 7 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-14787)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that can be exploited by an attacker to embed arbitrary JavaScript code in t...

5.4 CVSS, 6.1 AI score, 0.00539 EPSS
Exploits: 0, References: 1

CNVD
added 2021/03/02 12:0 a.m., 9 views

IBM Engineering Requirements Management DOORS Next Cross-Site Scripting Vulnerability (CNVD-2021-32648)

IBM Engineering Requirements Management DOORS Next is a scalable solution from International Business Machines Corporation (IBM). The solution helps you capture, track, analyze and manage systems and advanced IT application development. IBM Engineering Requirements Management DOORS Next suffers fro...

6.4 CVSS, 6.1 AI score, 0.0068 EPSS
Exploits: 0, References: 1

Malwarebytes
added 2021/02/23 12:15 p.m., 60 views

The mystery of the Silver Sparrow Mac malware

Cyber security company Red Canary published findings last week about a new piece of Mac malware called Silver Sparrow. This malware is notable in being one of the first to include native code for Apple's new M1 chips, but what is unknown about this malware is actually more interesting than what is...

0.9 AI score
Exploits: 0

0day.today
added 2021/02/23 12:0 a.m., 37 views

Monica 2.19.1 - (last_name) Stored XSS Vulnerability

Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS | Exploit Author: BouSalman | Vendor Homepage: https://www.monicahq.com/ | Software Link: https://github.com/monicahq/monica/releases | Version: Monica 2.19.1 | Tested on: Ubuntu 18.04 | CVE: CVE-2021-27370 | POST /people HTTP/1.1 Host: 192.168.99.162...

5.4 CVSS, 5.9 AI score, 0.03271 EPSS
Exploits: 4

Prion
added 2021/02/22 3:15 p.m., 15 views

Cross site request forgery (csrf)

Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request...

4.3 CVSS, 6.2 AI score, 0.00971 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/02/22 2:43 p.m., 12 views

CVE-2020-19762

Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via an XSS payload for the first parameter in a GET request...

6.4 AI score, 0.00971 EPSS
Exploits: 1, References: 1

OpenVAS
added 2021/02/22 12:0 a.m., 30 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1346)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS, 6.8 AI score, 0.87218 EPSS
Exploits: 4, References: 2

CNVD
added 2021/02/19 12:0 a.m., 6 views

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2021-11047)

IBM Jazz Reporting Service helps you quickly and easily integrate data from a variety of data sources across your tools and projects, and provides a set of ready-to-use reports for sharing information about your lifecycle management projects. A cross-site scripting vulnerability exists in IBM Jaz...

5.4 CVSS, 5.9 AI score, 0.00502 EPSS
Exploits: 0, References: 1

CNVD
added 2021/02/19 12:0 a.m., 9 views

IBM Maximo for Civil Infrastructure Cross-Site Scripting Vulnerability

IBM Maximo for Civil Infrastructure integrates inspection, defect tracking and maintenance activities to help organizations improve asset life, keep critical systems up and running and reduce the total cost of ownership of civil infrastructure. A cross-site scripting vulnerability exists in IBM...

5.4 CVSS, 6.1 AI score, 0.00502 EPSS
Exploits: 0, References: 1