Lucene search
+L

69 matches found

Cvelist
Cvelist
added 2023/05/09 3:42 p.m.29 views

CVE-2023-32071 XWiki Platform vulnerable to RXSS via editor parameter - importinline template

XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has...

9CVSS9.4AI score0.71143EPSS
Exploits0References4
CVE
CVE
added 2023/05/08 12:0 a.m.39 views

CVE-2023-31180

WJJ Software InnoKB Server/Console 2.2.1 is affected by reflected cross-site scripting (RXSS) via an unspecified request. The vulnerability is documented across multiple feeds, with CVSS v3.1 metrics indicating Networks access, Low attack complexity, and user interaction required. There is no exp...

6.1CVSS6.2AI score0.00379EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/01/12 4:15 p.m.22 views

CVE-2022-39187

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...

6.8CVSS6.3AI score0.0042EPSS
Exploits0References1
Prion
Prion
added 2023/01/12 4:15 p.m.19 views

Cross site scripting

Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting RXSS vulnerability through unspecified vectors...

5.8CVSS6AI score0.0042EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/01/12 12:0 a.m.42 views

CVE-2022-39187

CVE-2022-39187 concerns Rumpus - FTP server 9.0.7.1 with a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. Multiple connected sources corroborate RXSS in this version; details on vectors, exploitability, and affected components are not consistently provided across...

6.8CVSS6.1AI score0.0042EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2022/12/29 5:49 p.m.25 views

U.S. Department of State: RXSS on https://travel.state.gov/content/travel/en/search.html

Vulnerability description not provided...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/10/28 12:0 a.m.29 views

[20221101] - Core - RXSS through reflection of user input in com_media

Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in commedia...

6.1CVSS6.4AI score0.00455EPSS
Exploits0Affected Software1
Prion
Prion
added 2022/10/25 5:15 p.m.16 views

Cross site scripting

AlgoSec – FireFlow Reflected Cross-Site-Scripting RXSS A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user victim. JavaScript code is executed on...

4.9CVSS5.5AI score0.00354EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/25 12:50 a.m.17 views

CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)

AlgoSec – FireFlow Reflected Cross-Site-Scripting RXSS A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user victim. JavaScript code is executed on...

6.5CVSS6.7AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2022/10/25 12:50 a.m.73 views

CVE-2022-36783

CVE-2022-36783 affects AlgoSec FireFlow with a Reflected Cross-Site-Scripting (RXSS) vector. A malicious user can inject JavaScript into the IntersectudRule parameter on the search/result.html page by changing the request method from POST to GET and sharing the URL with a victim. This results in ...

6.5CVSS5.7AI score0.00354EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/10 2:20 a.m.31 views

CVE-2022-36801

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...

6.2AI score0.64863EPSS
Exploits0References1
CVE
CVE
added 2022/08/10 2:20 a.m.135 views

CVE-2022-36801

CVE-2022-36801 affects Atlassian Jira Server and Data Center prior to 8.20.8. The issue is a Reflected XSS in the TeamManagement.jspa endpoint that allows anonymous remote attackers to inject arbitrary HTML or JavaScript. Several sources corroborate the affected version range and the vulnerabilit...

6.1CVSS6AI score0.64863EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2022/08/10 2:20 a.m.20 views

CVE-2022-36801

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the TeamManagement.jspa endpoint. The affected versions are before version 8.20.8...

6.3AI score0.64863EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.7 views

PT-2022-4143 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.20.8 Description: The issue allows anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting RXSS vulnerability in the "TeamManagement.jspa...

10CVSS7AI score0.64863EPSS
Exploits0References6
Hacker One
Hacker One
added 2022/07/06 10:7 a.m.15 views

U.S. Dept Of Defense: RXSS on █████████

Description: the WhatSubmitted parameter not filtered, i can insert " character and execute code JS Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2022/07/04 2:6 p.m.16 views

U.S. Dept Of Defense: [████████] RXSS via "CurrentFolder" parameter

A reflected cross-site scripting vulnerability was found on a website that allowed malicious scripts to be injected via the CurrentFolder parameter...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2022/05/01 4:42 a.m.29 views

U.S. Dept Of Defense: RXSS on █████████

I found RXSS on https://███████/██████ Impact Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2022/01/28 11:48 p.m.24 views

Equifax-vdp: RXSS on https://equifax.gr8people.com on Password Reset page in the username parameter

Hello, While testing your program i came across a website that is owned by informatica and is vulnerable to RXSS on Password Reset page in the username parameter POC:...

1.3AI score
Exploits0
Hacker One
Hacker One
added 2021/11/21 8:11 p.m.43 views

U.S. Dept Of Defense: Rxss on █████████ via logout?service=javascript:alert(1)

Description: I found open redirect and xss Rxss at the ██████████ logout page, https://████/██████████/logout?service=https://google.com It also allows javascript URIs, leading to Xss Impact Attacker can trick users to visit malicious websites or can lead to phishing and many other type of attack...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2021/04/19 12:0 a.m.219 views

WordPress Photo Gallery 1.5.69 Cross Site Scripting

Researcher Name: ThuraMoeMyint Twitter: https://twitter.com/mgthuramoemyint Vendor Url: https://wordpress.org/plugins/photo-gallery/ "Photo Gallery by 10Web / Mobile-Friendly Image Gallery" photo-gallery Multiple RXSS The parameter bwgalbumbreadcrumb0 is able to inject malicious javascript code...

Exploits0
Rows per page
Query Builder