Lucene search
K

195 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:8 a.m.5 views

CVE-2024-45510

An issue was discovered in Zimbra Collaboration ZCS through 10.0. Zimbra Webmail Modern UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the...

5.4CVSS5.8AI score0.00312EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:42 a.m.6 views

CVE-2024-37392

A stored Cross-Site Scripting XSS vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...

6.1CVSS5.5AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.21 views

CVE-2024-20540

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...

5.4CVSS5.7AI score0.00265EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:26 a.m.11 views

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

8.8CVSS7.3AI score0.01065EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:36 a.m.9 views

CVE-2023-23372

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 a...

6.5CVSS5.7AI score0.00452EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.8 views

CVE-2022-21830

A blind self XSS vulnerability exists in RocketChat LiveChat...

6.1CVSS6AI score0.00758EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 p.m.12 views

CVE-2021-39496

Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into filename param to trigger Reflected XSS...

5.4CVSS7AI score0.00629EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:20 a.m.4 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS6.7AI score0.02007EPSS
Exploits0References1
Cisco
Cisco
added 2025/05/21 4:0 p.m.9 views

Cisco Identity Services Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

4.8CVSS6.2AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/09 12:0 a.m.9 views

CVE-2025-45885

PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries...

9.8AI score0.00406EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.3 views

PT-2025-17115 · WordPress · Wp-Hijri

Name of the Vulnerable Software and Affected Versions: WP-Hijri versions 1.5.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inject...

7.1CVSS7.7AI score0.00257EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2025/04/14 12:0 a.m.261 views

GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)

Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Stored Cross-Site Scripting Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email: max.cybersecurity at belino.com GitHub disclosure link:...

6.1CVSS7.1AI score0.00782EPSS
Exploits3
Cvelist
Cvelist
added 2025/04/02 4:16 p.m.13 views

CVE-2025-20120

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device. This...

6.1CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 2025/04/02 4:16 p.m.65 views

CVE-2025-20120

CVE-2025-20120 describes a stored cross-site scripting (XSS) vulnerability in the web-based management interfaces of Cisco’s EPNM and Prime Infrastructure. The root cause is insufficient validation of user-supplied input in the interface, allowing an unauthenticated, remote attacker to inject mal...

6.1CVSS6AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/28 1:23 p.m.14 views

CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...

2CVSS0.00215EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/28 1:23 p.m.12 views

CVE-2025-2864 Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU

SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser reflected XSS...

2CVSS7.2AI score0.00215EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/03/18 3:43 p.m.36 views

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence AI-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromis...

7.7AI score
Exploits0
NVD
NVD
added 2025/03/13 6:15 a.m.11 views

CVE-2024-8402

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to...

7.4CVSS0.00228EPSS
Exploits1References2
NVD
NVD
added 2025/03/11 10:15 a.m.5 views

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

9.8CVSS0.00513EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/11 9:48 a.m.4 views

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

9.8CVSS9.4AI score0.00513EPSS
Exploits0References1
Rows per page
Query Builder