Lucene search

5938 matches found

Cvelist
added 2018/11/27 9:0 p.m. | 18 views

CVE-2018-13331

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames...

6.9 AI score | 0.01082 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/11/27 9:0 p.m. | 19 views

CVE-2018-13335

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing shared folders via their descriptions...

6.5 AI score | 0.00852 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/11/27 9:0 p.m. | 22 views

CVE-2018-13351

Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the edit password form...

6.3 AI score | 0.00856 EPSS
Exploits: 1 | References: 1
CVE
added 2018/11/27 9:0 p.m. | 42 views

CVE-2018-13351

TerraMaster TOS 3.1.03 Control Panel contains a cross-site scripting vulnerability that allows attackers to execute JavaScript through the edit password form. The provided documents do not specify the vulnerable component version beyond 3.1.03, nor any patched remediation or available exploit det...

4.8 CVSS | 6.2 AI score | 0.00856 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2018/11/27 9:0 p.m. | 20 views

CVE-2018-13359

Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "modgroup" parameter...

8.8 AI score | 0.1988 EPSS
Exploits: 1 | References: 1
CVE
added 2018/11/27 9:0 p.m. | 47 views

CVE-2018-13334

TerraMaster TOS

6.1 CVSS | 6.5 AI score | 0.01082 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2018/11/27 8:29 p.m. | 21 views

Cross site scripting

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...

4.3 CVSS | 6.2 AI score | 0.01082 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/11/27 8:29 p.m. | 19 views

CVE-2018-13334

Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "optionssysname" parameter...

6.1 CVSS | 6.3 AI score | 0.01082 EPSS
Exploits: 1 | References: 1
CNVD
added 2018/11/27 12:0 a.m. | 2 views

TOTOLINK A3002RU cross-site scripting vulnerability (CNVD-2018-24105)

TOTOLINK A3002RU is a wireless router product from Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the password.htm page in TOTOLINK A3002RU version 1.0.8. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code with the help of a username...

6.1 CVSS | 6.3 AI score | 0.00672 EPSS
Exploits: 0 | References: 1
Cvelist
added 2018/11/26 10:0 p.m. | 27 views

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

6.4 AI score | 0.00707 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2018/11/26 12:0 a.m. | 25 views

Debian DLA-1592-1 : otrs2 security update

Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...

6.5 CVSS | 6.6 AI score | 0.00861 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2018/11/21 10:19 p.m. | 24 views

Valine HTML Injection

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1 CVSS | 6.2 AI score | 0.01228 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2018/11/18 5:29 p.m. | 22 views

CVE-2018-19351

Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. In other words, nbconvert endpoints can execute JavaScript with access to the server API. In notebook/nbconvert/handlers.py,...

6.1 CVSS | 6 AI score
Exploits: 0 | References: 5
Prion
added 2018/11/15 6:29 a.m. | 16 views

Design/Logic Flaw

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

4.3 CVSS | 6.2 AI score | 0.01228 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2018/11/15 6:29 a.m. | 17 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1 CVSS | 6.3 AI score | 0.01228 EPSS
Exploits: 1 | References: 1
OSV
added 2018/11/15 6:29 a.m. | 14 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1 CVSS | 6.3 AI score
Exploits: 0 | References: 1
Cvelist
added 2018/11/15 6:0 a.m. | 22 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.2 AI score | 0.01228 EPSS
Exploits: 1 | References: 1
CVE
added 2018/11/15 6:0 a.m. | 52 views

CVE-2018-19289

Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...

6.1 CVSS | 6.2 AI score | 0.01228 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/11/13 8:29 p.m. | 2 views

CVE-2018-2485

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

7.7 CVSS | 5.9 AI score | 0.01178 EPSS
Exploits: 0 | References: 3
Prion
added 2018/11/13 8:29 p.m. | 20 views

Information disclosure

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues a...

6.4 CVSS | 7.5 AI score | 0.01178 EPSS
Exploits: 0 | References: 3 | Affected Software: 1