Lucene search

7657 matches found

Prion
added 2022/03/10 5:46 p.m., 12 views

Cross site scripting

Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an...

CVSS 3.5, AI score 5.6, EPSS 0.00628
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2022/03/10 5:45 p.m., 16 views

Cross site scripting

Persistent cross-site scripting in the web interface of ipDIO allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into a specific parameter. The XSS payload will be executed when a legitimate user attempts to review history...

CVSS 4.3, AI score 6.4, EPSS 0.00871
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2022/03/03 10:15 p.m., 4 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8, AI score 5.9, EPSS 0.00548
Exploits: 1, References: 2

NVD
added 2022/03/03 10:15 p.m., 11 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 4.8, EPSS 0.00548
Exploits: 1, References: 2

OSV
added 2022/03/03 10:15 p.m., 5 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4, AI score 6.1, EPSS 0.00516
Exploits: 1, References: 2

ATTACKERKB
added 2022/03/03 10:15 p.m., 5 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4, AI score 5.9, EPSS 0.00516
Exploits: 1, References: 3

NVD
added 2022/03/03 10:15 p.m., 12 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

CVSS 5.4, EPSS 0.00516
Exploits: 1, References: 2

Prion
added 2022/03/03 10:15 p.m., 19 views

Code injection

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

CVSS 3.5, AI score 5.1, EPSS 0.00548
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/03/03 9:57 p.m., 18 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

AI score 5.4, EPSS 0.00548
Exploits: 1, References: 2

Cvelist
added 2022/03/03 9:55 p.m., 14 views

CVE-2022-23051

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...

AI score 5.8, EPSS 0.00516
Exploits: 1, References: 2

CNNVD
added 2022/03/03 12:00 a.m., 5 views

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool designed to assist penetration testing/red team efforts by simplifying the task of report writing and generation. PeTeReport version 0.5 contains a cross-site scripting vulnerability that stems from the software's lack of...

CVSS 4.8, AI score 5.3, EPSS 0.00548
Exploits: 1, References: 4

Citrix
added 2022/02/28 12:00 a.m., 10 views

Citrix Provisioning Services - How To Gather CDF Traces

Starting in 1912 LTSR, Citrix Provisioning Services improves on the CDF integration that kicked off in the earlier 7.0 days. This now includes the ability to natively maintain persistent rolling CDF trace logs on each PVS Server and Targets if necessary without the need for additional capture...

AI score 7
Exploits: 0

Patchstack
added 2022/02/28 12:00 a.m., 16 views

WordPress WordPress Persistent Login plugin <= 1.3.23 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Persistent Login plugin (versions <= 1.3.23). Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...

AI score 3.9
Exploits: 0, References: 2, Affected Software: 1

CISA
added 2022/02/28 12:00 a.m., 32 views

Broadcom Software Discloses APT Actors Deploying Daxin Malware in Global Espionage Campaign

Broadcom Software—an industry member of CISA’s Joint Cyber Defense Collaborative (JCDC)—uncovers an advanced persistent threat (APT) campaign against select governments and other critical infrastructure targets in a publication titled Daxin: Stealthy Backdoor Designed for Attacks Against Hardened...

AI score 6.8
Exploits: 0, References: 7

Patchstack
added 2022/02/28 12:00 a.m., 14 views

WordPress WordPress Persistent Login plugin <= 1.3.23 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Persistent Login plugin (versions <= 1.3.23). Solution: Update the WordPress Persistent Login plugin to the latest available version (at least 2.0.0)...

AI score 2.2
Exploits: 0, References: 2, Affected Software: 1

Malwarebytes
added 2022/02/25 6:54 p.m., 22 views

CISA warns of cyberespionage by Iranian APT “MuddyWater”

Cybersecurity agencies in the US and UK have issued a joint cybersecurity advisory (CSA) on MuddyWater, a government-sponsored Iranian advanced persistent threat (APT) actor. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the US Cyber Command Cyber...

AI score 0.8
Exploits: 0

OSV
added 2022/02/25 4:15 a.m., 4 views

CVE-2022-23835

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is by design not displayed to the victim within the AOSP SMS/MMS messaging...

CVSS 8.1, AI score 7.3, EPSS 0.01406
Exploits: 1, References: 2

CVE
added 2022/02/25 3:31 a.m., 80 views

CVE-2022-23835

The CVE-2022-23835 issue affects Visual Voice Mail (VVM) for Android (up to 2022-02-24). A local attacker who temporarily controls an app with the READ_SMS permission can read an IMAP credentialing message that the AOSP SMS/MMS app does not display to the user, allowing persistent access to VVM d...

CVSS 8.1, AI score 7.8, EPSS 0.01406
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2022/02/25 3:31 a.m., 27 views

CVE-2022-23835

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is by design not displayed to the victim within the AOSP SMS/MMS messaging...

AI score 8.1, EPSS 0.01406
Exploits: 1, References: 2

The Hacker News
added 2022/02/23 8:39 a.m., 162 views

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat (APT) with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency (NSA). Dubbed "Bvp47" owing to numerous...

AI score 7.4
Exploits: 0