5086 matches found

Veracode
added 2022/11/02 7:36 a.m. · 18 views

Cross-site Scripting (XSS)

github.com/eolinker/apinto-dashboard is vulnerable to cross-site scripting (XSS) attacks. A remote authenticated attacker is able to inject and execute malicious JavaScript on the victim's machine via the argument callbacks in the /login file...

6.1 CVSS · 6.2 AI score · 0.00584 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/10/31 9:15 p.m. · 4 views

CVE-2022-39016

JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.8 CVSS · 5.8 AI score · 0.00491 EPSS
Exploits 0 · References 1

NVD
added 2022/10/31 9:15 p.m. · 25 views

CVE-2022-39016

JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.8 CVSS · 0.00491 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 8:6 p.m. · 7 views

CVE-2022-39016 JavaScript injection in PDFtron in M-Files Hubshare

JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload...

8.2 CVSS · 6.9 AI score · 0.00491 EPSS
Exploits 0 · References 1

CVE
added 2022/10/31 8:6 p.m. · 73 views

CVE-2022-39016

The CVE-2022-39016 issue affects M‑Files Hubshare prior to 3.3.10.9, where a JavaScript injection in PDFtron enables an authenticated attacker to perform an account takeover via a crafted PDF upload. Impact is described as takeover with high confidentiality, integrity, and availability implicatio...

8.8 CVSS · 8.4 AI score · 0.00491 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2022/10/31 7:15 a.m. · 2 views

CVE-2022-39024

U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack...

6.1 CVSS · 5.8 AI score · 0.00494 EPSS
Exploits 0 · References 1

OSV
added 2022/10/31 7:15 a.m. · 2 views

CVE-2022-39027

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.8 AI score · 0.00429 EPSS
Exploits 0 · References 1

OSV
added 2022/10/31 7:15 a.m. · 2 views

CVE-2022-39025

U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack...

6.1 CVSS · 5.8 AI score · 0.00494 EPSS
Exploits 0 · References 1

Prion
added 2022/10/31 7:15 a.m. · 22 views

Cross site scripting

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

4.9 CVSS · 5.3 AI score · 0.00429 EPSS
Exploits 0 · References 1 · Affected Software 1

Prion
added 2022/10/31 7:15 a.m. · 27 views

Cross site scripting

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

4.9 CVSS · 5.4 AI score · 0.00429 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 5 views

CVE-2022-40739 Ragic, Inc. Ragic - Reflected XSS

Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) attack...

5.4 CVSS · 6.2 AI score · 0.00429 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 10 views

CVE-2022-39027 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.4 AI score · 0.00429 EPSS
Exploits 0 · References 1

Cvelist
added 2022/10/31 6:40 a.m. · 20 views

CVE-2022-39027 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.6 AI score · 0.00429 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 7 views

CVE-2022-39026 e-Excellence Inc. U-Office Force - Stored XSS

U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform XSS (Stored Cross-Site Scripting) attack...

5.4 CVSS · 5.4 AI score · 0.00429 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/10/31 6:40 a.m. · 9 views

CVE-2022-39025 e-Excellence Inc. U-Office Force - Reflected XSS

U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack...

6.1 CVSS · 6.2 AI score · 0.00494 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/10/31 12:0 a.m. · 3 views

PT-2022-24680 · U-Office · U-Office

Name of the Vulnerable Software and Affected Versions: U-Office (affected versions not specified)
Description: The issue is related to insufficient filtering for special characters in the Force Bulletin function, allowing an unauthenticated remote attacker to inject JavaScript and perform a Reflect...

6.1 CVSS · 6.1 AI score · 0.00494 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/31 12:0 a.m. · 2 views

Ragic Cross-Site Scripting Vulnerability

Ragic is a No Code enterprise e-enablement tool from China Immediate Technology Ragic. A cross-site scripting vulnerability exists in versions of Ragic prior to 2022/06/28, which stems from insufficient filtering of special characters on the report generation page and can be exploited by a remote...

5.4 CVSS · 5.6 AI score · 0.00429 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/10/31 12:0 a.m. · 3 views

PT-2022-26020 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier
Description: The issue allows a remote attacker to inject JavaScript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...

6.1 CVSS · 6.4 AI score · 0.00454 EPSS
Exploits 0 · References 3

CNNVD
added 2022/10/31 12:0 a.m. · 3 views

Forma Learning Management System Cross-Site Scripting Vulnerability

Forma Learning Management System (LMS) is a Learning Management System (LMS). A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...

6.1 CVSS · 6.5 AI score · 0.00454 EPSS
Exploits 0 · References 2

CNNVD
added 2022/10/31 12:0 a.m. · 2 views

M-Files Hubshare Injection Vulnerability

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 3.3.10.9, which stems from a vulnerability in its PDFtron that allows an authenticated...

8.8 CVSS · 7.9 AI score · 0.00491 EPSS
Exploits 0 · References 2