CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5006 matches found

OSV•added 2021/08/30 4:15 p.m.•13 views

CVE-2021-27910

Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and execute...

6.1CVSS6.7AI score

Exploits0References1

NVD•added 2021/08/30 4:15 p.m.•9 views

CVE-2021-27910

8.2CVSS0.00435EPSS

Exploits0References1

Prion•added 2021/08/30 4:15 p.m.•8 views

Design/Logic Flaw

4.3CVSS6.6AI score0.00435EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/08/30 3:55 p.m.•12 views

CVE-2021-27910 Stored XSS vulnerability on Bounce Management Callback

8.2CVSS8.6AI score0.00435EPSS

Exploits0References1

CVE•added 2021/08/30 3:55 p.m.•67 views

CVE-2021-27910

CVE-2021-27910 describes a stored XSS in Mautic via the bounce management callback. The vulnerability arises from insufficient sanitization of the POST parameters error and error_related_to in the callback endpoint (POST /mailer//callback). An attacker with access to the callback can inject arbit...

8.2CVSS6.9AI score0.00435EPSS

Exploits0References1Affected Software1

CNNVD•added 2021/08/30 12:0 a.m.•1 views

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in the Editor plug-in for Atlassian Jira Server and Data Center versions prior to 8.5.18, 8.6.0 ...

6.1CVSS6.4AI score0.00344EPSS

Exploits0References1

CNNVD•added 2021/08/30 12:0 a.m.•2 views

Hedgedoc 跨站脚本漏洞

HedgeDoc is a platform for writing and sharing Markdown. cross-site scripting vulnerabilities exist in versions of HedgeDoc prior to 1.9.0. An attacker could exploit the vulnerability by embedding an iframe hosting malicious code into a slideshow or embedding a HedgeDoc instance into another page...

8.1CVSS5.6AI score0.00313EPSS

Exploits0References5

CNNVD•added 2021/08/30 12:0 a.m.•1 views

Atlassian Jira 跨站脚本漏洞

Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center versions prior to 8.18.0, which originates from...

4.8CVSS5.5AI score0.00215EPSS

Exploits0References1

OSV•added 2021/08/26 11:15 a.m.•8 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.1CVSS6.6AI score

Exploits0References3

NVD•added 2021/08/26 11:15 a.m.•9 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.1CVSS0.00307EPSS

Exploits0References3

Prion•added 2021/08/26 11:15 a.m.•14 views

Hardcoded credentials

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

4.3CVSS6.2AI score0.00307EPSS

Exploits0References3Affected Software1

CVE•added 2021/08/26 10:57 a.m.•40 views

CVE-2020-14161

CVE-2020-14161 affects Gotenberg and is exploited as a Server-Side Request Forgery (SSRF) via the /convert/html endpoint. The root cause is insecure handling of the src in HTML elements, enabling an attacker to reference internal files (e.g., file:// URIs) through the chromium module used by the ...

6.1CVSS6.1AI score0.00307EPSS

Exploits0References3Affected Software1

Cvelist•added 2021/08/26 10:57 a.m.•13 views

CVE-2020-14161

It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint...

6.2AI score0.00307EPSS

Exploits0References3

CNNVD•added 2021/08/17 12:0 a.m.•1 views

SuiteCRM 跨站脚本漏洞

SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability in the web interface of SuiteCRM before 7.11.19 allows remote attackers to upload malicious files by bypassing content type filters and introducing arbitrary JavaScript...

6.1CVSS6.4AI score0.00723EPSS

Exploits1References4

NVD•added 2021/08/16 3:15 a.m.•7 views

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

6.1CVSS0.00317EPSS

Exploits0References1

OSV•added 2021/08/16 3:15 a.m.•1 views

CVE-2021-38709

In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staffmessaging messaging system for XSS...

6.1CVSS6.4AI score

Exploits0References1