
8 matches found

CVE
added 2024/07/02 12:0 a.m. · 51 views

CVE-2024-39143

CVE-2024-39143 describes a stored cross-site scripting (XSS) vulnerability in ResidenceCMS 2.10.1. A low-privilege user can save malicious HTML in a property content field, which is then stored and rendered on secondary views, potentially triggering payloads (including when visited by an administ...

5.4 CVSS · 4.9 AI score · 0.00273 EPSS
Exploits: 3 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-28361 · Unknown · Residencecms

Name of the Vulnerable Software and Affected Versions: ResidenceCMS version 2.10.1. Description: A stored cross-site scripting (XSS) issue exists, allowing a low-privilege user to create malicious property content with HTML inside, which acts as a stored XSS payload. Recommendations: For ResidenceCM...

5.4 CVSS · 5.2 AI score · 0.00273 EPSS
Exploits: 3 · References: 4

Veracode
added 2023/03/28 12:3 p.m. · 18 views

Prototype Pollution

collection.js is vulnerable to prototype pollution. The vulnerability exists due to a lack of sanitization in the extend function of extend.js, which allows an attacker to inject malicious properties such as __proto__, resulting in prototype pollution...

7.5 CVSS · 7.2 AI score · 0.00153 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Veracode
added 2022/10/21 3:21 p.m. · 32 views

Prototype Pollution

uglify-js is vulnerable to prototype pollution. The vulnerability exists in the DEFNODE function of ast.js via the name variable, which allows an attacker to inject a malicious property, resulting in prototype pollution...

9.8 CVSS · 8.8 AI score · 0.00839 EPSS
Exploits: 1 · References: 5 · Affected Software: 2

Veracode
added 2022/08/29 5:4 a.m. · 26 views

Prototype Pollution

mongoose is vulnerable to prototype pollution. The vulnerability exists in the add and path functions in lib/schema.js because it allows setting __proto__ when creating a schema with dotted properties, which allows a remote attacker to inject and execute a malicious property, resulting in prototype pollution...

3.3 AI score
Exploits: 0 · References: 5 · Affected Software: 1

Veracode
added 2022/07/07 2:9 p.m. · 20 views

Prototype Pollution

deep.assign is vulnerable to prototype pollution. The vulnerability exists in the deepAssign function due to improper parameter validation, which allows an attacker to inject a malicious property, resulting in prototype pollution...

9.8 CVSS · 5.4 AI score · 0.005 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2022/04/07 4:36 a.m. · 53 views

Prototype Pollution

async is vulnerable to prototype pollution. An attacker is able to inject malicious property types via the mapValues method and gain unintended privileges due to the prototype pollution vulnerability...

7.8 CVSS · 5.2 AI score · 0.00657 EPSS
Exploits: 1 · References: 12 · Affected Software: 5

Check Point Advisories
added 2014/10/05 12:0 a.m. · 3 views

VisiWave VWR File Parsing (CVE-2011-2386)

A remote code execution vulnerability exists in VisiWave's Site Survey Report. The vulnerability is caused by a failure to validate a user-controlled property. A remote attacker can exploit this vulnerability by using a malicious property, potentially causing arbitrary code to be injected and...

9.3 CVSS · 7.4 AI score · 0.72006 EPSS
Exploits: 2