
7660 matches found

Vulnrichment
added 2022/04/11 8:20 p.m. | 7 views

CVE-2022-24833 Persistent Cross-site Scripting (XSS) vulnerability in PrivateBin

PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...

CVSS 8.2 | AI score 7.3 | EPSS 0.01271
Exploits: 1 | References: 2
CNVD
added 2022/04/11 12:0 a.m. | 11 views

Huawei FLMG-10 Authorization Issues Vulnerability

Huawei FLMG-10 is a high-end Bluetooth remote control speaker from Huawei, China. The Huawei FLMG-10 suffers from an authorization issue vulnerability that stems from incorrect authentication issues. A local attacker can exploit the vulnerability to install a persistent and cryptic bootstrap or...

CVSS 7.2 | AI score 7.4 | EPSS 0.00194
Exploits: 0 | References: 1
CNNVD
added 2022/04/07 12:0 a.m. | 2 views

Huawei FLMG-10 Authorization Issue Vulnerability

Huawei FLMG-10 is a high-end Bluetooth remote control speaker from Huawei, China. The Huawei FLMG-10 suffers from an authorization issue vulnerability that stems from incorrect authentication issues. A local attacker can exploit the vulnerability to install a persistent and cryptic bootstrap or...

CVSS 7.2 | AI score 5.7 | EPSS 0.00194
Exploits: 0 | References: 3
Krebs on Security
added 2022/04/06 5:55 p.m. | 20 views

The Original APT: Advanced Persistent Teenagers

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for...

Exploits: 0
NVD
added 2022/04/04 8:15 p.m. | 25 views

CVE-2022-25613

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player WordPress plugin versions <= 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...

CVSS 5.4 | EPSS 0.00549
Exploits: 0 | References: 2
Prion
added 2022/04/04 8:15 p.m. | 16 views

Cross site scripting

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player WordPress plugin versions <= 7.5.18.727 via &fvwpflowplayerfieldsplash parameter...

CVSS 3.5 | AI score 5.3 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2022/04/04 7:46 p.m. | 75 views

CVE-2022-25613

Summary : CVE-2022-25613 is an authenticated persistent Cross-Site Scripting (XSS) vulnerability in the WordPress FV Flowplayer Video Player plugin (versions

CVSS 5.4 | AI score 4.7 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2022/04/01 12:0 a.m. | 17 views

Textpattern CMS <= 4.8.8 Multiple Vulnerabilities

Textpattern CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:textpattern:textpattern";...

CVSS 5.4 | AI score 5.6 | EPSS 0.01073
Exploits: 2 | References: 2
ThreatPost
added 2022/03/31 6:9 p.m. | 308 views

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” (BitB) credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...

AI score 8.4
Exploits: 0 | References: 9
Packet Storm
added 2022/03/30 12:0 a.m. | 232 views

Medical Hub Directory Site 1.0 Cross Site Scripting

Title: Medical Hub Directory Site 1.0 XSS Stored Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...

Exploits: 0
OSV
added 2022/03/29 6:15 a.m. | 3 views

CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

CVSS 5.4 | AI score 4.2
Exploits: 0 | References: 3
Vulnrichment
added 2022/03/29 5:50 a.m. | 7 views

CVE-2022-1087 htmly Edit Profile Module cross site scripting

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

CVSS 3.5 | AI score 5.5 | EPSS 0.00921
Exploits: 1 | References: 3
CVE
added 2022/03/29 5:50 a.m. | 70 views

CVE-2022-1075

CVE-2022-1075 affects College Website Management System 1.0. The vulnerable code path is /cwms/classes/Master.php?f=save_contact in the Contact Handler, where input manipulation can result in persistent cross-site scripting. The issue may be exploitable remotely and requires authentication. No re...

CVSS 5.4 | AI score 4.3 | EPSS 0.00444
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2022/03/29 2:15 a.m. | 10 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 5.4 | EPSS 0.00694
Exploits: 1 | References: 2
OSV
added 2022/03/29 2:15 a.m. | 2 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00694
Exploits: 1 | References: 2
Prion
added 2022/03/29 2:15 a.m. | 12 views

Input validation

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

CVSS 3.5 | AI score 5.2 | EPSS 0.00694
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/29 1:11 a.m. | 12 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

AI score 5.4 | EPSS 0.00694
Exploits: 1 | References: 2
CVE
added 2022/03/29 1:11 a.m. | 77 views

CVE-2022-24957

DHC Vision eQMS (v5.4.8.322 and earlier) is affected by a Persistent XSS due to insufficient encoding of untrusted input/output. An attacker must create/edit an information object and use the XSS payload as the name; any user opening the object’s version or history tab can be attacked. No remedia...

CVSS 5.4 | AI score 5.2 | EPSS 0.00694
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2022/03/25 7:15 p.m. | 11 views

Cross site scripting

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow a user with author or higher user rights to inject malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

CVSS 3.5 | AI score 5.4 | EPSS 0.00549
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/25 6:2 p.m. | 14 views

CVE-2022-25612 WordPress Simple Event Planner plugin <= 1.5.4 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allow a user with author or higher user rights to inject malicious code via vulnerable parameters: &customeventorganiser, &customorganiseremail, &customorganisercontact...

CVSS 4.1 | AI score 5.7 | EPSS 0.00549
Exploits: 0 | References: 2