4739 matches found

Packet Storm
added 2021/02/19 12:0 a.m. | 350 views

Beauty Parlour Management System 1.0 Cross Site Scripting

Exploit Title: Beauty Parlour Management System 1.0 - 'Add Services' Cross-Site Scripting Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...

Exploits 0

Prion
added 2021/02/18 3:15 p.m. | 16 views

Cross site scripting

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM...

3.5 CVSS | 5.2 AI score | 0.00502 EPSS
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2021/02/18 12:0 a.m. | 6 views

RACOM M!DGE Cross-Site Scripting Vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...

4.8 CVSS | 6.5 AI score | 0.00468 EPSS
Exploits 0 | References 1

CNVD
added 2021/02/18 12:0 a.m. | 6 views

RACOM M!DGE cross-site scripting vulnerability (CNVD-2021-12627)

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. The vulnerability can be exploited by an...

4.8 CVSS | 6.5 AI score | 0.00468 EPSS
Exploits 0 | References 1

NVD
added 2021/02/16 6:15 p.m. | 14 views

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

7.8 CVSS | 0.00988 EPSS
Exploits 0 | References 5

OSV
added 2021/02/16 6:15 p.m. | 17 views

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

7.8 CVSS | 6.7 AI score
Exploits 0 | References 5

NVD
added 2021/02/16 4:15 p.m. | 13 views

CVE-2020-29025

A vulnerability in SiteManager-Embedded SM-E Web server which may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. Thi...

6.1 CVSS | 0.00588 EPSS
Exploits 0 | References 1

Prion
added 2021/02/16 4:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability in SiteManager-Embedded SM-E Web server which may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. Thi...

4.3 CVSS | 6.3 AI score | 0.00588 EPSS
Exploits 0 | References 1 | Affected Software 1

Prion
added 2021/02/12 3:15 a.m. | 16 views

Cross site scripting

A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. User-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can ste...

3.5 CVSS | 5.4 AI score | 0.01615 EPSS
Exploits 2 | References 5 | Affected Software 1

Cvelist
added 2021/02/11 4:30 p.m. | 25 views

CVE-2020-4768

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure...

4.4 CVSS | 5.2 AI score | 0.00466 EPSS
Exploits 0 | References 2

Packet Storm
added 2021/02/11 12:0 a.m. | 360 views

PEEL Shopping 9.3.0 Cross Site Scripting

Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...

7.4 AI score
Exploits 0

Cvelist
added 2021/02/09 1:9 p.m. | 29 views

CVE-2020-22841

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module...

5.4 AI score | 0.03537 EPSS
Exploits 2 | References 3

Prion
added 2021/02/02 9:15 p.m. | 13 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment...

3.5 CVSS | 5.2 AI score | 0.0075 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/02/02 8:43 p.m. | 19 views

CVE-2021-3395

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment...

5.4 AI score | 0.0075 EPSS
Exploits 0 | References 2

RedhatCVE
added 2021/02/01 2:2 p.m. | 40 views

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

9 CVSS | 1.2 AI score | 0.99217 EPSS
Exploits 7 | References 4

CNVD
added 2021/02/01 12:0 a.m. | 9 views

RSA Archer Cross-Site Scripting Vulnerability (CNVD-2021-24477)

RSA Archer is the GRC Enterprise Risk Management Suite. A stored cross-site scripting vulnerability exists in Archer versions prior to 6.8 P4. An attacker can exploit this vulnerability to execute HTML or JavaScript code...

5.4 CVSS | 5.8 AI score | 0.0081 EPSS
Exploits 0 | References 1

Exploit DB
added 2021/02/01 12:0 a.m. | 379 views

Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting

Exploit Title: Vehicle Parking Tracker System 1.0 - 'Owner Name' Stored Cross-Site Scripting Date: 2021-01-30 Exploit Author: Anmol K Sachan Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software: Vehicle...

7.4 AI score
Exploits 0

OSV
added 2021/01/29 8:15 p.m. | 31 views

CVE-2021-25646

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a...

8.8 CVSS | 6.8 AI score
Exploits 0 | References 16

NVD
added 2021/01/29 7:15 p.m. | 12 views

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

5.4 CVSS | 5.7 AI score | 0.0062 EPSS
Exploits 0 | References 2

NVD
added 2021/01/29 7:15 p.m. | 18 views

CVE-2020-24669

The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About...

5.4 CVSS | 5.7 AI score | 0.0062 EPSS
Exploits 0 | References 2