14 matches found

Positive Technologies
added 2026/06/02 12:00 a.m. · 14 views

PT-2026-45855

Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.12.5; authentik versions prior to 2026.2.3. Description: An issue exists in the Simple Flow Executor (SFE), which is a component used to manage the sequence of steps in an authentication flow. Due to the...

CVSS 9.3 · AI score 5.6 · EPSS 0.00318
Exploits: 0 · References: 7
RedhatCVE
added 2025/10/31 10:07 p.m. · 5 views

CVE-2024-13993

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS 6.1 · AI score 5.9 · EPSS 0.00725
Exploits: 0 · References: 1
OSV
added 2025/10/30 10:15 p.m. · 2 views

CVE-2024-13993

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS 6.1 · AI score 5.7 · EPSS 0.00725
Exploits: 0 · References: 3
NVD
added 2025/10/30 10:15 p.m. · 7 views

CVE-2024-13993

Nagios XI versions prior to 2024R1.1.2 are vulnerable to a reflected cross-site scripting (XSS) via the login page when accessed with older web browsers. Insufficient validation or escaping of user-supplied input reflected by the login page can allow an attacker to craft a malicious link that, when...

CVSS 6.1 · EPSS 0.00725
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-24666

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00207
Exploits: 1 · References: 1
OSV
added 2025/08/12 12:13 a.m. · 2 views

GHSA-XCXH-6CV4-Q8P8 HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit

Summary: When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="_blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details: While most modern...

CVSS 6.3 · AI score 6.5
Exploits: 0 · References: 3
Positive Technologies
added 2025/08/12 12:00 a.m. · 3 views

PT-2025-34325 · Npm · Hfs

Summary: When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="_blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab. Details: While most modern...

CVSS 6.3 · AI score 6.6
Exploits: 0 · References: 4
Veracode
added 2024/07/03 3:45 p.m. · 20 views

Supply Chain Attack

Fides is vulnerable to Supply Chain Attack. The vulnerability is due to mishandling of client-side script dependencies and the use of a compromised third-party domain like polyfill.io. The vulnerability allows an attacker to serve malicious scripts to users of legacy browsers when they load...

AI score 6.5 · EPSS 0.01427
Exploits: 0 · References: 8 · Affected Software: 1
Github Security Blog
added 2024/07/02 9:20 p.m. · 32 views

Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js

Note: On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...

CVSS 9.8 · AI score 6.8 · EPSS 0.01427
Exploits: 0 · References: 7 · Affected Software: 1
CVE
added 2024/07/02 7:50 p.m. · 104 views

CVE-2024-38537

Fides (Ethical) vulnerability CVE-2024-38537 affects the client-side script fides.js, which in a limited edge case used the polyfill.io domain to support legacy browsers (IE11) lacking fetch. If the polyfill.io domain was compromised, legacy-browser users could download and execute malicious scri...

CVSS 9.8 · AI score 3.7 · EPSS 0.01427
Exploits: 0 · References: 5 · Affected Software: 1
RedHat Linux
added 2020/07/29 3:21 p.m. · 2 views

amq-on: CSRF (in graphQL requests)

A flaw was found in the AMQ Online console, where it is vulnerable to a Cross-Site Request Forgery attack (CSRF), which is exploitable in cases where preflight checks are not instigated or bypassed. This flaw allows an attacker to target authorized users using an older browser with Adobe Flash. The...

CVSS 5.9 · AI score 5.7 · EPSS 0.00321
Exploits: 0 · References: 4
Tenable Nessus
added 2018/11/27 12:00 a.m. · 30 views

Missing 'X-XSS-Protection' Header

The HTTP 'X-XSS-Protection' response header is a feature of old browsers that allows websites to control their XSS auditors.

The server is not configured to return a 'X-XSS-Protection' header which means that any pages on this website could be at risk of a Cross-Site Scripting (XSS) attack. This...

AI score 5.5
Exploits: 0 · References: 2
ArchLinux
added 2016/12/12 12:00 a.m. · 502 views

[ASA-201612-12] python2-html5lib: cross-site scripting

Arch Linux Security Advisory ASA-201612-12
Severity: Low
Date: 2016-12-12
CVE-ID: CVE-2016-9909 CVE-2016-9910
Package: python2-html5lib
Type: cross-site scripting
Remote: Yes
Link: https://wiki.archlinux.org/index.php/CVE
Summary: The packag...

CVSS 6.1 · AI score 3 · EPSS 0.02141
Exploits: 0 · References: 6
ArchLinux
added 2016/12/12 12:00 a.m. · 505 views

[ASA-201612-13] python-html5lib: cross-site scripting

Arch Linux Security Advisory ASA-201612-13
Severity: Low
Date: 2016-12-12
CVE-ID: CVE-2016-9909 CVE-2016-9910
Package: python-html5lib
Type: cross-site scripting
Remote: Yes
Link: https://wiki.archlinux.org/index.php/CVE
Summary: The package...

CVSS 6.1 · AI score 3 · EPSS 0.02141
Exploits: 0 · References: 6