7660 matches found

Prion
added 2022/02/11 6:15 p.m. · 14 views

Cross site scripting

The mtxtNom y mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data...

3.5 CVSS · 5.2 AI score · 0.00434 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/02/11 12:0 a.m. · 3 views

PT-2022-11246 · Tcman Gim · Tcman Gim

Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.01 Description: The issue allows an attacker to perform persistent XSS attacks using the m txtNom and m txtCognoms parameters. This could be used to carry out browser-based attacks, including browser hijacking or theft of...

5.4 CVSS · 5.2 AI score · 0.00434 EPSS
Exploits 0 · References 3

NVD
added 2022/02/10 6:15 p.m. · 20 views

CVE-2022-0020

A stored cross-site scripting XSS vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators...

6.8 CVSS · 0.01711 EPSS
Exploits 3 · References 2

OSV
added 2022/02/10 6:15 p.m. · 4 views

CVE-2022-0020

A stored cross-site scripting XSS vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators...

5.4 CVSS · 5.8 AI score · 0.01711 EPSS
Exploits 3 · References 2

Prion
added 2022/02/10 6:15 p.m. · 20 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators...

3.5 CVSS · 5.1 AI score · 0.01711 EPSS
Exploits 3 · References 2 · Affected Software 1

CNVD
added 2022/02/10 12:0 a.m. · 17 views

Apache Pulsar Input Validation Error Vulnerability

Apache Pulsar is a distributed message streaming platform from the Apache Foundation (United States) for cloud environments that combines messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-datacenter cross-region data replication,...

6.5 CVSS · 6.3 AI score · 0.01775 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2022/02/09 11:15 p.m. · 5 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

4.8 CVSS · 5.8 AI score · 0.02891 EPSS
Exploits 1 · References 4

OSV
added 2022/02/09 11:15 p.m. · 15 views

CVE-2022-23047

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

4.8 CVSS · 6.7 AI score
Exploits 0 · References 3

Prion
added 2022/02/09 11:15 p.m. · 16 views

Code injection

Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name","Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...

3.5 CVSS · 5.1 AI score · 0.02891 EPSS
Exploits 1 · References 3 · Affected Software 1

CNNVD
added 2022/02/09 12:0 a.m. · 6 views

Palo Alto Network Cortex XSOAR Cross-Site Scripting Vulnerability

Palo Alto Networks Cortex XSOAR is a Security Orchestration, Automation and Response (SOAR) platform from Palo Alto Networks, USA. A cross-site scripting vulnerability exists in Palo Alto Networks Cortex XSOAR that allows an attacker to store a persistent javascript exploit code that could lead to t...

6.8 CVSS · 6.3 AI score · 0.01711 EPSS
Exploits 3 · References 6

Tenable Nessus
added 2022/02/09 12:0 a.m. · 33 views

AlmaLinux 8 : gnupg2 (ALSA-2020:4490)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross site Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Informatio...

8.8 CVSS · 6.9 AI score · 0.02663 EPSS
Exploits 2 · References 3

ATTACKERKB
added 2022/02/08 8:0 a.m. · 5 views

CVE-2021-4046

The mtxtNom y mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data...

5.4 CVSS · 5.9 AI score · 0.00434 EPSS
Exploits 0 · References 3 · Affected Software 1

The Hacker News
added 2022/02/04 5:45 a.m. · 32 views

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity compa...

1 AI score
Exploits 0

Veracode
added 2022/02/03 11:3 a.m. · 18 views

Improper Input Validation

org.apache.pulsar, pulsar is vulnerable to improper input validation. The vulnerability exists due to improper access restrictions in internalResetCursorOnPosition function in PersistentTopicsBase.java file which allows an attacker to bypass security and read the ledger...

6.5 CVSS · 5.3 AI score · 0.01775 EPSS
Exploits 1 · References 6 · Affected Software 1

Microsoft Secure
added 2022/02/02 5:0 p.m. · 28 views

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

0.3 AI score
Exploits 0

The Hacker News
added 2022/02/02 12:9 p.m. · 26 views

New Malware Used by SolarWinds Attackers Went Undetected for Years

The threat actor behind the supply chain compromise of SolarWinds has continued to expand its malware arsenal with new tools and techniques that were deployed in attacks as early as 2019, once indicative of the elusive nature of the campaigns and the adversary's ability to maintain persistent...

1.3 AI score
Exploits 0

OSV
added 2022/01/28 10:15 p.m. · 20 views

GHSA-PRFF-6J8Q-VRV7 Cross-site Scripting in microweber

A persistent XSS vulnerability exists in the checkout page where we are able to execute any JavaScript in the last name field...

5.4 CVSS · 5.2 AI score · 0.00856 EPSS
Exploits 1 · References 4

NVD
added 2022/01/28 8:15 p.m. · 18 views

CVE-2021-23174

Authenticated admin+ Persistent Cross-Site Scripting XSS vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6 Vulnerable parameters: &posttitle, &downloadablefileversion0...

4.8 CVSS · 0.83223 EPSS
Exploits 0 · References 1

Cvelist
added 2022/01/28 7:9 p.m. · 17 views

CVE-2021-23174 WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Persistent Cross-Site Scripting XSS vulnerability discovered in Download Monitor WordPress plugin versions <= 4.4.6 Vulnerable parameters: &posttitle, &downloadablefileversion0...

3.4 CVSS · 5.4 AI score · 0.83223 EPSS
Exploits 0 · References 1

RedhatCVE
added 2022/01/27 1:33 p.m. · 38 views

CVE-2021-4091

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

7.5 CVSS · 2.2 AI score · 0.01983 EPSS
Exploits 0 · References 3