Lucene search
K

27 matches found

CNVD
CNVD
added 2018/04/10 12:0 a.m.45 views

Remote Code Execution Vulnerability in Spring Framework spring-messaging Module

Spring Framework is the United States Pivotal Software's set of open source Java, Java EE application framework. The framework helps developers build high-quality applications . A remote code execution vulnerability exists in the Spring Framework spring-messaging module. An attacker can exploit t...

9.8CVSS8.1AI score0.77245EPSS
Exploits5References1
UbuntuCve
UbuntuCve
added 2018/04/06 1:29 p.m.69 views

CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS7.6AI score0.77245EPSS
Exploits5References3
OSV
OSV
added 2018/04/06 1:29 p.m.5 views

UBUNTU-CVE-2018-1270

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS7.7AI score0.77245EPSS
Exploits5References4
CVE
CVE
added 2011/02/22 11:0 p.m.39 views

CVE-2011-1066

CVE-2011-1066 is an XSS vulnerability in Drupal’s Messaging module (6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8). Exploitation requires an attacker with administer messaging permissions and can inject arbitrary web script or HTML via unspecified vectors. The provided documents do not ...

2.6CVSS5.8AI score0.01081EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2011/02/22 11:0 p.m.23 views

CVE-2011-1066

Cross-site scripting XSS vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01081EPSS
Exploits0References5
Drupal
Drupal
added 2011/02/16 12:0 a.m.11 views

SA-CONTRIB-2011-010 - Messaging - Cross Site Scripting

The Messaging module is a Framework to allow message sending in a channel independent way. It provides a common API for message composition and sending while allowing plug-ins for multiple messaging methods. The module does not sanitize some of the user-supplied data before displaying it, leading...

6.1AI score
Exploits0References9
securityvulns
securityvulns
added 2002/08/16 12:0 a.m.32 views

PHP-Nuke v5.6 - Users can compromise admin accts.

Tested on PHP-Nuke v5.6 with Mozilla on Linux should work on past versions and on most browsers Impact: --------------------------------------------- Allows any user to get admin access to a PHP-Nuke site. Summary: ---------------------------------------------- Due to a XSS flaw in PHPNuke's...

6.1AI score
Exploits0
Rows per page
Query Builder