Lucene search
K

8 matches found

CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /providers interface. A low-privileged attacker can exploit the vulnerability to create privileged users provide...

8.8CVSS6.8AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2023/05/24 8:15 p.m.21 views

CVE-2023-33791

A stored cross-site scripting XSS vulnerability in the Create Provider Accounts /circuits/provider-accounts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.3AI score0.00394EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/05/24 8:15 p.m.9 views

CVE-2023-33791

A stored cross-site scripting XSS vulnerability in the Create Provider Accounts /circuits/provider-accounts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS6.2AI score0.00394EPSS
Exploits1References2
Prion
Prion
added 2023/05/24 8:15 p.m.17 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the Create Provider Accounts /circuits/provider-accounts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

4.9CVSS5.3AI score0.00394EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.3 views

PT-2023-24494 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or...

5.4CVSS5.4AI score0.00394EPSS
Exploits1References3
OSV
OSV
added 2023/05/24 12:0 a.m.9 views

CVE-2023-33791

A stored cross-site scripting XSS vulnerability in the Create Provider Accounts /circuits/provider-accounts/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...

5.4CVSS5.7AI score0.00394EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/09/08 1:15 a.m.4 views

CVE-2022-37145

The PlexTrac platform prior to version 1.17.0 does not restrict excessive authentication attempts for accounts configured to use the PlexTrac authentication provider. An unauthenticated remote attacker could perform a bruteforce attack on the login page with no time or attempt limitation in an...

7.5CVSS7.2AI score0.00887EPSS
Exploits0References3
OSV
OSV
added 2019/10/29 7:15 p.m.2 views

CVE-2019-5533

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter authorization check mistakenly allows enterprise users to obtain information of Managed Service Provider accounts. Among the information is username, first and last name, phone numbers and e-mail addre...

4.3CVSS5.8AI score0.17883EPSS
Exploits2References1
Rows per page
Query Builder