4 matches found

RedhatCVE
added 2026/01/09 10:41 a.m., 6 views

CVE-2022-26156

An issue was discovered in the web application in Cherwell Service Management CSM 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places...

CVSS 6.1 | AI score 7.1 | EPSS 0.00713
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:5 a.m., 5 views

CVE-2024-51094

An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be...

CVSS 8 | AI score 6.9 | EPSS 0.00429
Exploits: 0 | References: 1

Veracode
added 2025/03/13 3:24 a.m., 9 views

Stored Cross-site Scripting (XSS)

github.com/lf-edge/ekuiper is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input validation in the rule id parameter, allowing an attacker with modification rights to inject a malicious payload that executes in the victim's browser when the rule is modified...

CVSS 5.4 | AI score 6 | EPSS 0.00313
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2024/11/12 2:0 a.m., 10 views

Cross-Site Scripting (XSS)

Glossarizer is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improperly converting encoded special characters into legitimate HTML, allowing attackers to inject a malicious XSS payload into a glossary entry...

CVSS 9.9 | AI score 5.5 | EPSS 0.00455
Exploits: 0 | References: 3 | Affected Software: 1