Lucene search
K

7660 matches found

Prion
Prion
added 2022/05/20 9:15 p.m.16 views

Cross site scripting

Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...

3.5CVSS5AI score0.00489EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/05/20 8:48 p.m.78 views

CVE-2022-29432

CVE-2022-29432 covers multiple authenticated persistent XSS vulnerabilities in the WordPress plugin wpDataTables (versions

4.8CVSS4.7AI score0.00489EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/05/20 8:44 p.m.21 views

CVE-2022-29430 WordPress PNG to JPG plugin <= 4.0 - Cross-Site Request Forgery (CSRF) leading to Persistent Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability in KubiQ's PNG to JPG plugin = 4.0 at WordPress via Cross-Site Request Forgery CSRF. Vulnerable parameter &jpgquality...

4.7CVSS6.3AI score0.00336EPSS
Exploits0References2
OSV
OSV
added 2022/05/20 1:15 p.m.3 views

CVE-2022-29880

A vulnerability has been identified in SICAM T All versions V3.0. Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the...

6.5CVSS6.7AI score0.00582EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2022/05/18 2:1 p.m.30 views

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

Most advanced persistent threat groups APTs use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. Security researchers at the University ...

7.5AI score
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/18 6:5 a.m.4 views

Malicious code in pco_api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f9c8289fc4eb78d3e66ed76818f5f799edc0dbee5bebe64774a03a2c3148158b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/05/17 7:51 p.m.7 views

CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...

4.7CVSS5.3AI score0.00358EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/05/17 7:51 p.m.21 views

CVE-2022-29436 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Persistent Cross-Site Scripting (XSS)

Persistent Cross-Site Scripting XSS vulnerability in Alexander Stokmann's Code Snippets Extended plugin = 1.4.7 on WordPress via Cross-Site Request Forgery vulnerable parameters &title, &snippetcode...

4.7CVSS6.4AI score0.00358EPSS
Exploits0References2
Securelist
Securelist
added 2022/05/17 2:0 p.m.24 views

Evaluation of cyber activities and the threat landscape in Ukraine

Introduction When the war in Ukraine broke out, many analysts were surprised to discover that what was simultaneously happening in the cyber domain did not match their predictions1. Since the beginning of the fighting, new cyberattacks taking place in Ukraine have been identified every week, whic...

7AI score
Exploits0
Rockylinux
Rockylinux
added 2022/05/17 7:52 a.m.8 views

new packages: device-mapper-persistent-data

An update is available for device-mapper-persistent-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, se...

2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/05/17 6:55 a.m.4 views

Malicious code in sameethinghere101 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 69e7a5e4c08ca379961c0f3d1a2dda0bebf47d65f153e2956e890451cb54fbd7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/05/17 12:32 a.m.12 views

GHSA-65CQ-WHR4-7C2V Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS5.9AI score0.00948EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:32 a.m.23 views

Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin

The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

6.1CVSS6.1AI score0.00948EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:29 a.m.7 views

GHSA-63CJ-3R94-234V Persistent XSS vulnerability in Jenkins DRY Plugin

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

5.4CVSS5.2AI score0.00743EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:29 a.m.16 views

Persistent XSS vulnerability in Jenkins DRY Plugin

The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...

5.4CVSS6.1AI score0.00743EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:20 a.m.24 views

Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

6.1CVSS6.9AI score0.00772EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/17 12:20 a.m.15 views

GHSA-7WFQ-WMX2-3WR4 Withdrawn Advisory: Home Assistant Frontend XSS Vulnerability

Withdrawn Advisory This advisory has been withdrawn because we cannot confirm home-assistant-frontend is or was ever published to npm. Original Description In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

6.1CVSS6.2AI score0.00772EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:49 a.m.18 views

Shopware XSS Vulnerability

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.1CVSS7AI score0.04812EPSS
Exploits7References4Affected Software1
OSV
OSV
added 2022/05/14 3:14 a.m.26 views

GHSA-QF3F-7X69-QFV3 phpMyAdmin DoS Vulnerability

An issue was discovered in phpMyAdmin. An unauthenticated user is able to execute a denial-of-service DoS attack by forcing persistent connections when phpMyAdmin is running with $cfg'AllowArbitraryServer'=true. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versio...

5.9CVSS7.4AI score0.01799EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:40 a.m.20 views

The Reporting Addon for CUBA Platform has Persistent XSS

The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...

5.4CVSS6AI score0.00667EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder