Lucene search
K

195 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-39333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that t...

5.3CVSS6.8AI score0.00936EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.5 views

PT-2025-7291 · Phpjabbers · Phpjabbers Car Park Booking System

Name of the Vulnerable Software and Affected Versions: PHPJabbers Car Park Booking System version 3.0 Description: The issue concerns multiple HTML injection vulnerabilities in the name, plugin sms api key, plugin sms country code, and title parameters. This allows for potential malicious code...

6.1CVSS7AI score0.00325EPSS
Exploits2References7
OSV
OSV
added 2025/02/10 3:27 p.m.14 views

CVE-2024-11831 Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4CVSS7.1AI score0.01081EPSS
Exploits0References30
HackRead
HackRead
added 2025/02/07 9:35 p.m.17 views

ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code

Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…...

7.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2025/02/05 4:14 p.m.8 views

CVE-2025-20204 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

4.8CVSS6AI score0.00314EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 4:14 p.m.76 views

CVE-2025-20204

CVE-2025-20204 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, enabling an authenticated attacker with valid admin credentials to inject malicious script ...

4.8CVSS6AI score0.00314EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2025/02/05 1:29 a.m.14 views

Cross-Site Scripting (XSS)

Axios is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...

9.8CVSS6.1AI score0.00369EPSS
Exploits0References5Affected Software2
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.5 views

EmbedAI 跨站脚本漏洞

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. EmbedAI suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could inject malicious JavaScript code into messages...

8.6CVSS6.2AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2025/01/27 9:15 a.m.15 views

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS0.01136EPSS
Exploits0References3
NVD
NVD
added 2025/01/14 1:15 a.m.8 views

CVE-2025-0060

SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged...

6.5CVSS0.00386EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 12:0 a.m.54 views

CVE-2024-50861

GestioIP v3.5.7 is affected by a Stored XSS in the ip_mod_dns_key_form.cgi flow. An attacker can inject code into the TSIG Key field, which is stored in the database and triggers XSS when the DNS Key page is viewed, enabling data exfiltration and CSRF. The Red Hat CVE entry and Exploit/packetstor...

6.1CVSS5.8AI score0.00782EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2025/01/08 4:19 p.m.71 views

CVE-2025-20166

CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...

5.4CVSS5.3AI score0.00357EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/08 12:0 a.m.8 views

PT-2025-1022 · Cisco · Cisco Common Services Platform Collector

Name of the Vulnerable Software and Affected Versions: Cisco Common Services Platform Collector CSPC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to...

5.5CVSS5.2AI score0.00276EPSS
Exploits0References9
OSV
OSV
added 2025/01/02 10:43 p.m.5 views

GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ

Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...

5.2CVSS6.2AI score0.00403EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2024/12/30 10:40 a.m.6 views

When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions

News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/11/28 11:30 a.m.5 views

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...

8.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.8 views

PT-2024-35795 · Spip · Spip

Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: A cross-site scripting XSS vulnerability in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. This...

4.8CVSS5.4AI score0.00361EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/11/22 3:34 p.m.18 views

CVE-2024-32767 Photo Station

A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...

6.3CVSS0.00361EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/11/21 12:0 a.m.10 views

Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 41, 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration ZCS through 10.0. Zimbra Webmail Modern UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the...

5.4CVSS5.6AI score0.00312EPSS
Exploits0References6
Veracode
Veracode
added 2024/10/08 6:34 a.m.6 views

Cross Site Scripting(XSS)

sulu/sulu is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the improper handling of user input in the media download URL within the SuluMediaBundle component, allowing attackers to inject malicious code that can be executed in the browser of users who access the compromised...

6.1CVSS6.2AI score0.00331EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder