Lucene search
K

112 matches found

OpenVAS
OpenVAS
added 2018/08/20 12:0 a.m.17 views

Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)

Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5.1AI score0.00769EPSS
Exploits0References1
OSV
OSV
added 2018/08/13 7:29 p.m.17 views

CVE-2018-3781

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5.4CVSS5.6AI score
Exploits0References2
Prion
Prion
added 2018/08/13 7:29 p.m.20 views

Cross site scripting

A missing sanitization of search results for an autocomplete field in NextCloud Talk 3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5CVSS6AI score0.0062EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
added 2018/08/10 12:0 a.m.25 views

Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

3.5CVSS2.6AI score0.0062EPSS
Exploits0Affected Software1
Oracle linux
Oracle linux
added 2018/07/11 12:0 a.m.41 views

gnupg2 security update

2.0.14-9 - fix CVE-2018-12020 - missing sanitization of original filename...

7.5CVSS2AI score0.08654EPSS
Exploits0
NVD
NVD
added 2018/07/05 4:29 p.m.24 views

CVE-2018-3763

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like...

4.8CVSS4.9AI score0.00609EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/07/05 4:0 p.m.25 views

CVE-2018-3763

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like...

4.9AI score0.00609EPSS
Exploits0References1
Nextcloud
Nextcloud
added 2018/06/21 12:0 a.m.30 views

Stored XSS in calendar via group shares (NC-SA-2018-004)

A missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins...

3.5CVSS4.1AI score0.00609EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2018/06/07 12:0 a.m.5 views

PT-2018-16150 · Unknown · Crud-File-Server

Name of the Vulnerable Software and Affected Versions: crud-file-server versions prior to 0.8.0 Description: The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index ...

6.1CVSS5.9AI score0.01046EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2018/02/19 5:29 p.m.18 views

CVE-2018-7226

An issue was discovered in vcSetXCutTextProc in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC...

9.8CVSS7.2AI score0.02323EPSS
Exploits0References3
0day.today
0day.today
added 2016/03/21 12:0 a.m.80 views

Microsoft Windows 8.1 / 10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege E

Exploit for windows platform in category local exploits / Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=687 https://googleprojectzero.blogspot.ca/2016/03/exploiting-leaked-thread-handle.html Windows: Secondary Logon Standard Handles Missing Sanitization EoP Platform: Windows...

7.2CVSS0.2AI score0.37164EPSS
Exploits14
Snyk
Snyk
added 2015/08/06 9:0 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to no proper sanitization of xlink:href attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. Th...

7.1CVSS5.3AI score0.01382EPSS
Exploits0References3
Rows per page
Query Builder