Lucene search
K

132 matches found

OSV
OSV
added 2019/07/18 4:15 p.m.6 views

CVE-2019-13948

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...

5.4CVSS6AI score0.00702EPSS
Exploits1References2
OSV
OSV
added 2019/07/15 4:15 a.m.3 views

CVE-2019-1010028

phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/sendreply/. The attack vector is:...

6.1CVSS6.3AI score0.00675EPSS
Exploits1References1
OSV
OSV
added 2019/01/30 8:29 p.m.5 views

CVE-2019-3911

Reflected cross-site scripting XSS vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /r2/query endpoints...

6.1CVSS6.4AI score0.03813EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2019/01/30 12:0 a.m.5 views

PT-2019-16766 · Labkey · Labkey Server Community Edition

Name of the Vulnerable Software and Affected Versions: LabKey Server Community Edition versions prior to 18.3.0-61806.763 Description: A reflected cross-site scripting issue allows an unauthenticated remote attacker to inject arbitrary javascript. This is achieved via the onerror parameter in the...

6.1CVSS6.1AI score0.03813EPSS
Exploits1References2
OSV
OSV
added 2018/11/21 10:21 p.m.1 views

GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...

6.1CVSS5.9AI score0.00788EPSS
Exploits1References4
CVE
CVE
added 2018/11/07 3:0 p.m.48 views

CVE-2018-19057

CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...

6.1CVSS5.9AI score0.00788EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/10/23 12:0 a.m.3 views

TeaKKi Cross-Site Scripting Vulnerability

TeaKKi is a team document collaboration software. The software features document synchronization, category management and rights management. A cross-site scripting vulnerability exists in TeaKKi version 2.7. The vulnerability can be exploited by remote attackers to inject arbitrary web script or...

6.1CVSS5.9AI score0.00826EPSS
Exploits1References1
NVD
NVD
added 2018/10/20 9:29 p.m.11 views

CVE-2018-18540

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

6.1CVSS6AI score0.00826EPSS
Exploits1References1
Prion
Prion
added 2018/10/20 9:29 p.m.11 views

Cross site scripting

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

4.3CVSS5.9AI score0.00826EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/10/20 9:29 p.m.3 views

CVE-2018-18540

TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...

6.1CVSS5.8AI score0.00826EPSS
Exploits1References1
NVD
NVD
added 2018/07/08 12:29 p.m.13 views

CVE-2018-13433

Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element...

6.1CVSS6.1AI score0.00865EPSS
Exploits1References1
NVD
NVD
added 2018/07/05 10:29 p.m.29 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

6.1CVSS5.5AI score0.00937EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2018/07/03 12:29 p.m.13 views

CVE-2018-13065

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

6.1CVSS6.3AI score0.01353EPSS
Exploits3References2
Prion
Prion
added 2018/07/03 12:29 p.m.21 views

Code injection

DISPUTED ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured...

4.3CVSS5.9AI score0.01353EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2018/07/03 11:0 a.m.52 views

CVE-2018-13065

CVE-2018-13065 affects ModSecurity 3.0.0 with a Cross-Site Scripting issue: XSS via an IMG onError attribute. The core detail across connected sources is that an attacker could inject script through an onError on an IMG tag; some sources note a third party disputes applicability without a Core Ru...

6.1CVSS5.9AI score0.01353EPSS
Exploits3References3Affected Software1
Exploit DB
Exploit DB
added 2018/07/03 12:0 a.m.66 views

ModSecurity 3.0.0 - Cross-Site Scripting

ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...

6.1CVSS6AI score0.01353EPSS
Exploits3
Positive Technologies
Positive Technologies
added 2018/07/03 12:0 a.m.5 views

PT-2018-11565 · Owasp · Modsecurity

Name of the Vulnerable Software and Affected Versions: ModSecurity version 3.0.0 Description: The issue concerns an XSS vulnerability via an onerror attribute of an IMG element. It is noted that a third party has disputed this issue, suggesting it may only apply to environments without a Core Rul...

6.1CVSS5.9AI score0.01353EPSS
Exploits3References9
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...

3.3CVSS6.6AI score0.00402EPSS
Exploits1References4
NVD
NVD
added 2018/06/11 9:29 p.m.18 views

CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...

3.3CVSS2.9AI score0.00402EPSS
Exploits1References4
Prion
Prion
added 2018/06/11 9:29 p.m.16 views

Double free

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...

2.1CVSS5.1AI score0.00402EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder