Lucene search
+L

81 matches found

OSV
OSV
added 2017/10/11 7:29 p.m.6 views

CVE-2017-8016

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...

5.4CVSS5.9AI score0.0057EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/10/11 7:0 p.m.28 views

CVE-2017-8016

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...

6AI score0.0057EPSS
Exploits1References2
CNVD
CNVD
added 2017/10/09 12:0 a.m.4 views

EMC RSA Archer GRC Platform Cross-Site Scripting Vulnerability

EMC RSA Archer GRC Platform is an enterprise IT governance and compliance governance product from EMC Corporation USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. A cross-site scripting vulnerability exists in EMC RSA...

5.4CVSS5.7AI score0.0057EPSS
Exploits1References1
Qualys Blog
Qualys Blog
added 2017/08/24 6:33 p.m.112 views

Qualys Cloud Platform 2.30 New Features

This release of the Qualys Cloud Platform version 2.30 includes updates and new features for Cloud Agent, EC2 Connector, Web Application Scanning, Web Application Firewall, and Security Assessment Questionnaire, highlights as follows. This posting has been updated on 9/6/2017 and 10/25/2017 to...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/21 7:22 p.m.19 views

Qualys Cloud Platform 2.28 New Features

This release of the Qualys Cloud Platform version 2.28 includes updates and new features for Cloud Agent, AssetView, ThreatPROTECT, Security Assessment Questionnaire and Web Application Scanning, highlights as follows: Cloud Agent Cloud Agent AIX Beta – beta release of Qualys Cloud Agent supporti...

6.7AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/06/13 5:45 p.m.23 views

Dynamic Questionnaire: Accelerate Quick and Efficient Responses with Question Gating

As you roll out Security Assessment Questionnaire to your vendors and internal stakeholders, it is necessary to avoid lengthy questionnaires containing many sections with questions that are not relevant to their area of work. It is important that respondents don’t get overwhelmed and spend a lot ...

6.8AI score
Exploits0
Qualys Blog
Qualys Blog
added 2017/04/20 2:25 p.m.16 views

Qualys Cloud Platform 2.26 New Features

This release of the Qualys Cloud Platform version 2.26 includes updates and new features for Cloud Agent, AssetView, Security Assessment Questionnaire and Web Application Scanning as follows: Highlights Cloud Agent Platform View Module Activation Job Status – adds a button in Agent Management tab...

6.7AI score
Exploits0
CNVD
CNVD
added 2016/07/21 12:0 a.m.3 views

TYPO3 Questionnaire Extension Information Disclosure Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. questionnaire is one of the questionnaire extension plugins. An information disclosure vulnerability exists in TYPO3 Questionnaire extension version 2.5.8 and earlier. An attacke...

6.2AI score
Exploits0References1
Typo3
Typo3
added 2016/05/31 12:0 a.m.593 views

Information Disclosure in extension "Questionnaire" (ke_questionnaire)

It has been discovered that the extension "Questionnaire" kequestionnaire is susceptible to Information Disclosure. Release Date: May 31, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 2.5.8 and below...

4.3CVSS6.2AI score0.01161EPSS
Exploits0Affected Software1
Prion
Prion
added 2014/01/10 12:2 p.m.14 views

Design/Logic Flaw

IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite aka Atlas Policy Suite do not properly validate...

6.4CVSS7AI score0.01358EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2011/10/09 10:55 a.m.20 views

CVE-2010-4957

SQL injection vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS8.4AI score0.01288EPSS
Exploits0References6
NVD
NVD
added 2011/10/09 10:55 a.m.14 views

CVE-2010-4956

Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2011/10/09 10:55 a.m.3 views

CVE-2010-4957

SQL injection vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS6.4AI score0.01288EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2011/10/09 10:55 a.m.2 views

CVE-2010-4956

Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01223EPSS
Exploits0References9
Prion
Prion
added 2011/10/09 10:55 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.01223EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2011/10/09 10:0 a.m.48 views

CVE-2010-4957

CVE-2010-4957 affects the TYPO3 ke_questionnaire extension prior to version 2.2.3. The vulnerability is a SQL injection in the extension that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Root cause details are limited to the generic SQL injection description ...

7.5CVSS8.7AI score0.01288EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2011/10/09 10:0 a.m.22 views

CVE-2010-4956

Cross-site scripting XSS vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01223EPSS
Exploits0References6
Cvelist
Cvelist
added 2011/10/09 10:0 a.m.30 views

CVE-2010-4957

SQL injection vulnerability in the Questionnaire kequestionnaire extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

8.4AI score0.01288EPSS
Exploits0References6
exploitpack
exploitpack
added 2011/08/17 12:0 a.m.14 views

Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections

Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections source: https://www.securityfocus.com/bid/49210/info Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2011/08/17 12:0 a.m.18 views

Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections

source: https://www.securityfocus.com/bid/49210/info Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

7.4AI score
Exploits0
Rows per page
Query Builder