Lucene search
K

94 matches found

WPVulnDB
WPVulnDB
added 2023/05/19 12:0 a.m.15 views

Groundhogg <= 2.7.9.8 - Privilege Escalation via CSRF

The plugin lacks CSRF protection when generating the auto login link through a shortcode, enabling attackers to manipulate the assigned user in the link...

8CVSS6.8AI score0.00399EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 4:13 a.m.10 views

SUSE CVE-2019-10092

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...

7.1CVSS7.4AI score0.81466EPSS
Exploits4References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-25631

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist but results in ShellExecute attempting to launch an executable type...

9.3CVSS6.9AI score0.0417EPSS
Exploits1References3
NVD
NVD
added 2023/01/10 9:15 p.m.26 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

4.3CVSS4.6AI score0.0056EPSS
Exploits0References3
OSV
OSV
added 2023/01/10 9:15 p.m.5 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

4.3CVSS5.8AI score0.0056EPSS
Exploits0References3
Prion
Prion
added 2023/01/10 9:15 p.m.16 views

Code injection

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

4.3CVSS4.7AI score0.0056EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.3 views

PT-2023-13610 · Mega · Mega Hopex

Name of the Vulnerable Software and Affected Versions: Mega HOPEX versions 15.2.0.6110 through V5CP4 Description: A link-manipulation issue was discovered. Recommendations: For Mega HOPEX versions 15.2.0.6110 through V5CP4, update to version V5CP4 or later to resolve the issue...

4.3CVSS7.2AI score0.0056EPSS
Exploits0References6
CVE
CVE
added 2023/01/10 12:0 a.m.56 views

CVE-2022-38482

Mega HOPEX vulnerability CVE-2022-38482 affects versions 15.2.0.6110 through V5CP4, with a link-manipulation issue. Root cause is not elaborated in the provided documents beyond the version range. Remediation: upgrade to V5CP4 or later. No exploitation details are provided in the sources; in-the-...

4.3CVSS4.7AI score0.0056EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.4 views

MEGA International HOPEX 后置链接漏洞

MEGA International HOPEX is a single software platform from MEGA International, France. combining integrated software solutions including privacy and data management, business process analysis and risk management. A security vulnerability exists in MEGA International HOPEX version 15.2.0.6110,...

4.3CVSS5AI score0.0056EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/01/10 12:0 a.m.8 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

4.3CVSS6.9AI score0.0056EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/10 12:0 a.m.28 views

CVE-2022-38482

A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4...

4.3CVSS5AI score0.0056EPSS
Exploits0References3
NVD
NVD
added 2022/12/29 8:15 a.m.20 views

CVE-2018-25058

A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...

6.1CVSS0.00518EPSS
Exploits0References5
CVE
CVE
added 2022/12/29 7:56 a.m.51 views

CVE-2018-25058

The CVE-2018-25058 issue affects Twitter-Post-Fetcher up to version 17.x, specifically the js/twitterFetcher.js component of the Link Target Handler. The vulnerability enables a web link to an untrusted target via window.opener access and can be triggered remotely. A fix is available in version 1...

6.1CVSS5.3AI score0.00518EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/12/22 10:15 a.m.18 views

Design/Logic Flaw

A vulnerability was found in ahorner text-helpers up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code of the file lib/texthelpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The...

5.8CVSS6.4AI score0.00573EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/09/28 4:15 a.m.20 views

CVE-2022-38699

Armoury Crate Service’s logging function has insufficient validation to check if the log file is a symbolic link. A physical attacker with general user privilege can modify the log file property to a symbolic link that points to arbitrary system file, causing the logging function to overwrite the...

5.9CVSS0.00311EPSS
Exploits0References1
CVE
CVE
added 2022/09/19 6:0 p.m.71 views

CVE-2022-34893

CVE-2022-34893 – Trend Micro Security 2022 (consumer) is a local privilege-escalation flaw described as a “link following vulnerability” in multiple sources. The root cause involves manipulation of a mountpoint via a symbolic link, enabling a low-privileged attacker with local access to escalate ...

7.8CVSS7.8AI score0.00275EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/09/08 1:15 p.m.3 views

CVE-2022-20863

A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character...

5.3CVSS5.8AI score0.00796EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.6 views

OTRS 跨站脚本漏洞

OTRS is an application from the German company OTRS. A service management software. A security vulnerability exists in OTRS version 7.0.x prior to 7.0.37, and OTRS version 8.0.x prior to 8.0.25, which originates from an attacker logged in to OTRS as an administrator user, who may be able to...

4.8CVSS5.2AI score0.00531EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/26 11:25 p.m.27 views

CVE-2022-30687

Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files...

6.9AI score0.00435EPSS
Exploits0References2
Huntr
Huntr
added 2022/05/15 4:27 p.m.27 views

Stored XSS on drawio

Sumary Draw io has a feature to put links on a text, due to a bad sanitization it allows to put javascript:// scheme on a anchor tag which allows to execute javascript code Steps to reproduce 1. Create a text box and set word size to 50 2. Click with the rigth button and "Edit link" 3. Put...

3.5CVSS1.4AI score0.00592EPSS
Exploits1References2
Rows per page
Query Builder