5006 matches found

NVD
added 2022/10/31 9:15 p.m. · 12 views

CVE-2022-39016

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.8 CVSS · 0.00558 EPSS
Exploits 0 · References 1

OSV
added 2022/10/31 9:15 p.m. · 3 views

CVE-2022-39016

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.8 CVSS · 5.8 AI score · 0.00558 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 8:6 p.m. · 7 views

CVE-2022-39016 Javascript injection in PDFtron in M-Files Hubshare

Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.2 CVSS · 6.9 AI score · 0.00558 EPSS
Exploits 0 · References 1

CVE
added 2022/10/31 8:6 p.m. · 71 views

CVE-2022-39016

The CVE-2022-39016 issue affects M‑Files Hubshare prior to 3.3.10.9, where a Javascript injection in PDFtron enables an authenticated attacker to perform an account takeover via a crafted PDF upload. Impact is described as takeover with high confidentiality, integrity, and availability implicatio...

8.8 CVSS · 8.4 AI score · 0.00558 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/10/31 7:15 a.m. · 1 view

CVE-2022-39025

U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS Reflected Cross-Site Scripting attack...

6.1 CVSS · 5.8 AI score · 0.00404 EPSS
Exploits 0 · References 1

OSV
added 2022/10/31 7:15 a.m. · 1 view

CVE-2022-39024

U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS Reflected Cross-Site Scripting attack...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2022/10/31 7:15 a.m. · 1 view

CVE-2022-39027

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

5.4 CVSS · 5.8 AI score · 0.00167 EPSS
Exploits 0 · References 1

Prion
added 2022/10/31 7:15 a.m. · 27 views

Cross site scripting

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

4.9 CVSS · 5.4 AI score · 0.00167 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2022/10/31 7:15 a.m. · 20 views

Cross site scripting

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

4.9 CVSS · 5.3 AI score · 0.00154 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 5 views

CVE-2022-40739 Ragic, Inc. Ragic - Reflected XSS

Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS Reflected Cross-Site Scripting attack...

5.4 CVSS · 6.2 AI score · 0.00264 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 10 views

CVE-2022-39027 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

5.4 CVSS · 5.4 AI score · 0.00167 EPSS
Exploits 0 · References 1

Cvelist
added 2022/10/31 6:40 a.m. · 18 views

CVE-2022-39027 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

5.4 CVSS · 5.6 AI score · 0.00167 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 6 views

CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS Stored Cross-Site Scripting attack...

5.4 CVSS · 5.4 AI score · 0.00154 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 8 views

CVE-2022-39025 e-Excellence Inc. U-Office Force - Reflected XSS

U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS Reflected Cross-Site Scripting attack...

6.1 CVSS · 6.2 AI score · 0.00404 EPSS
Exploits 0 · References 1

CNNVD
added 2022/10/31 12:0 a.m. · 1 view

Forma Learning Management System cross-site scripting vulnerability

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...

6.1 CVSS · 6.5 AI score · 0.00185 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/31 12:0 a.m. · 4 views

PT-2022-24672 · Pdftron Systems +1 · Pdftron +1

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.10.9 Description: The issue allows authenticated attackers to perform an account takeover via a crafted PDF upload, exploiting a Javascript injection in PDFtron. Recommendations: For versions prior to...

8.8 CVSS · 8.5 AI score · 0.00558 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/31 12:0 a.m. · 1 view

M-Files Hubshare injection vulnerability

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 3.3.10.9, which stems from a vulnerability in its PDFtron that allows an authenticated...

8.8 CVSS · 7.9 AI score · 0.00558 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-26020 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows a remote attacker to inject javascript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...

6.1 CVSS · 6.4 AI score · 0.00185 EPSS
Exploits 0 · References 3

CNNVD
added 2022/10/31 12:0 a.m. · 2 views

e-Excellence U-Office Force cross-site scripting vulnerability

e-Excellence U-Office Force is an e-Office platform from China's First Class Technology e-Excellence. U-Office Force suffers from a cross-site scripting vulnerability that stems from insufficient filtering of special characters in its Forum feature, which allows an unauthenticated, remote attacke...

5.4 CVSS · 5.1 AI score · 0.00167 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/31 12:0 a.m. · 2 views

PT-2022-24680 · U-Office · U-Office

Name of the Vulnerable Software and Affected Versions: U-Office affected versions not specified Description: The issue is related to insufficient filtering for special characters in the Force Bulletin function, allowing an unauthenticated remote attacker to inject JavaScript and perform a Reflect...

6.1 CVSS · 6.1 AI score · 0.00644 EPSS
Exploits 0 · References 2