
7660 matches found

OSV, added 2022/05/14 1:40 a.m., 7 views
GHSA-RFF7-964G-PPPX The Reporting Addon for CUBA Platform has Persistent XSS
The Reporting Addon aka Reports Addon through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports Reports" name field...
CVSS 5.4 | AI score 5.3 | EPSS 0.00667 | Exploits 1 | References 7

Github Security Blog, added 2022/05/13 1:39 a.m., 21 views
Yab Quarx persistent cross-site scripting vulnerability
Yab Quarx before 2.4.5 is prone to multiple persistent cross-site scripting vulnerabilities: Blog Title, FAQ Question, Pages Title, Widgets Name, and Menus Name...
CVSS 6.1 | AI score 6.2 | EPSS 0.00985 | Exploits 2 | References 7 | Affected software 1

OSV, added 2022/05/13 1:38 a.m., 28 views
GHSA-P4XG-CPR9-VWVJ Red Hat Wildfly DoS
Undertow in Red Hat WildFly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers...
CVSS 7.5 | AI score 7.2 | EPSS 0.03133 | Exploits 0 | References 15

Github Security Blog, added 2022/05/13 1:38 a.m., 30 views
Red Hat Wildfly DoS
Undertow in Red Hat WildFly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to "max-headers...
CVSS 7.5 | AI score 6.7 | EPSS 0.03133 | Exploits 0 | References 15 | Affected software 1

Github Security Blog, added 2022/05/13 1:07 a.m., 24 views
Openstack Manila Persistent XSS in Metadata field
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...
CVSS 5.4 | AI score 5.6 | EPSS 0.01266 | Exploits 0 | References 12 | Affected software 1

OSV, added 2022/05/13 1:05 a.m., 1 view
GHSA-6RH5-23HX-J452 Improper Authorization in Jenkins Core
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java that allows attackers with Overall/RunScripts permission to craft Remember Me cookies that would never expire, allowing e.g...
CVSS 7.2 | AI score 5.9 | EPSS 0.01545 | Exploits 0 | References 6

OSV, added 2022/05/11 6:15 p.m., 3 views
CVE-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
CVSS 5.4 | AI score 5.8 | EPSS 0.00765 | Exploits 1 | References 4

NVD, added 2022/05/11 6:15 p.m., 17 views
CVE-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
CVSS 5.4 | EPSS 0.00765 | Exploits 1 | References 4

Prion, added 2022/05/11 6:15 p.m., 17 views
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
CVSS 3.5 | AI score 5.2 | EPSS 0.00765 | Exploits 1 | References 4 | Affected software 1

Cvelist, added 2022/05/11 5:34 p.m., 24 views
CVE-2021-31330
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent...
AI score 5.4 | EPSS 0.00765 | Exploits 1 | References 4

UbuntuCve, added 2022/05/11 3:15 p.m., 32 views
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVSS 6.1 | AI score 6.7 | EPSS 0.00789 | Exploits 0 | References 4

Cvelist, added 2022/05/11 2:27 p.m., 29 views
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVSS 2.6 | AI score 6.9 | EPSS 0.00789 | Exploits 0 | References 3

Debian CVE, added 2022/05/11 2:27 p.m., 43 views
CVE-2022-1433
Removed by vendor...
CVSS 6.1 | AI score 6.9 | EPSS 0.00789 | Exploits 0

OSV, added 2022/05/11 2:27 p.m., 19 views
CVE-2022-1433
An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. Missing invalidation of Markdown caching causes potential payloads from a previously exploitable XSS...
CVSS 2.6 | AI score 5.7 | EPSS 0.00789 | Exploits 0 | References 5

Cvelist, added 2022/05/10 9:47 a.m., 18 views
CVE-2022-29880
A vulnerability has been identified in SICAM T (all versions < V3.0). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged-in user which accesses the...
CVSS 6.5 | AI score 5.3 | EPSS 0.00582 | Exploits 0 | References 3

Rockylinux, added 2022/05/10 8:14 a.m., 15 views
device-mapper-persistent-data bug fix and enhancement update
An update is available for device-mapper-persistent-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, se...
AI score 2 | Exploits 0

Prion, added 2022/05/06 6:15 p.m., 12 views
Cross site scripting
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom,...
CVSS 3.5 | AI score 5 | EPSS 0.00533 | Exploits 0 | References 2 | Affected software 1

Cvelist, added 2022/05/06 5:37 p.m., 23 views
CVE-2022-29422 WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom,...
CVSS 4.8 | AI score 5.4 | EPSS 0.00533 | Exploits 0 | References 2

CVE, added 2022/05/06 5:37 p.m., 73 views
CVE-2022-29422
CVE-2022-29422 concerns WordPress plugin Countdown & Clock (
CVSS 4.8 | AI score 5.2 | EPSS 0.00533 | Exploits 0 | References 2 | Affected software 1

Rapid7 Blog, added 2022/05/04 3:48 p.m., 80 views
XSS in JSON: Old-School Attacks for Modern Applications
I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...
CVSS 7.5 | AI score 9.1 | EPSS 0.99677 | Exploits 100
