Lucene search
K

182 matches found

OSV
OSV
added 2024/06/13 1:15 p.m.5 views

CVE-2024-36395

Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...

6.1CVSS5.8AI score0.00254EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.5 views

Verint Workforce Optimization Cross-Site Scripting Vulnerability

Verint Systems Verint Workforce Optimization WFO is an employee performance management solution from Verint Systems, USA. The product supports workforce management, call recording, automated quality management, performance management, text and desktop analytics, and more. A cross-site scripting...

6.1CVSS6.1AI score0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.10 views

PT-2024-7359

Name of the Vulnerable Software and Affected Versions: Cfx.re FXServer versions v9601 and earlier wpDiscuz affected versions not specified Description: The issue is related to incorrect access control and the failure to neutralize script-related HTML tags on a web page. This can allow a remote...

9.1CVSS6.3AI score0.02393EPSS
Exploits3References10
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.5 views

PT-2024-26895 · Cocalc · Cocalc

Name of the Vulnerable Software and Affected Versions: CoCalc versions prior to the version containing commit 419862a9c9879c Description: The issue concerns the markdown parser in CoCalc, which allows tags to be included and executed when published. There are no known workarounds for this issue...

7.6CVSS7.1AI score0.00406EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.5 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/12/12 5:29 p.m.5 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/12/12 5:25 p.m.5 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/11/15 7:24 a.m.8 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/11/14 4:4 p.m.6 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/10/31 2:23 p.m.5 views

golang: html/template: improper handling of special tags within script contexts

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of " contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped...

6.1CVSS6.7AI score0.00798EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.4 views

Saphira Connect Cross-Site Scripting Vulnerability

Saphira Connect is a mobile application for telephone exchange and call center servers from Saphira Connect, Inc. A cross-site scripting vulnerability exists in versions prior to Saphira Connect 9 that stems from incorrect neutralization of script-related HTML tags in web pages...

6.1CVSS5.9AI score0.00784EPSS
Exploits0References3
Prion
Prion
added 2023/04/24 5:15 p.m.18 views

Path traversal

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...

6CVSS8.9AI score0.01024EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.5 views

Fortinet FortiAuthenticator 跨站脚本漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution from Fortinet. Fortinet FortiAuthenticator suffers from a cross-site scripting vulnerability that stems from an improper neutralization of script-related HTML tags in a web page, which can be exploited by an attacker t...

6.1CVSS5.8AI score0.00494EPSS
Exploits0References2
OSV
OSV
added 2023/03/30 9:15 a.m.4 views

CVE-2023-1013

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Virames Vira-Investing allows Cross-Site Scripting XSS.This issue affects Vira-Investing: before 1.0.84.86...

6.1CVSS6.4AI score0.00357EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/03/07 12:0 a.m.4 views

PT-2023-12533 · Ubit Information Technologies · Ubit Information Technologies Student Information Management System

Name of the Vulnerable Software and Affected Versions: UBIT Information Technologies Student Information Management System versions before 20211126 Description: The issue is related to Improper Neutralization of Script-Related HTML Tags in a Web Page, also known as Basic XSS. This allows for...

6.1CVSS6.4AI score0.00357EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.3 views

PT-2023-21150 · Unknown · Quickentity-Editor-Next

Name of the Vulnerable Software and Affected Versions: quickentity-editor-next versions prior to 1.28.1 Description: The issue concerns an open source, system local, video game asset editor. In affected versions, HTML tags in entity names are not sanitized, leading to an XSS vulnerability. This...

8.2CVSS6.4AI score0.00323EPSS
Exploits0References6
Zero Day Initiative
Zero Day Initiative
added 2023/02/24 12:0 a.m.47 views

Microsoft Windows Untrusted Script Execution Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...

7.8CVSS8.7AI score0.00737EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.7 views

SUSE CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

4.3CVSS5.7AI score0.027EPSS
Exploits1References4
NVD
NVD
added 2022/11/03 4:15 p.m.31 views

CVE-2022-39371

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Script related HTML tags in assets inventory information are not properly neutralized. This issue has...

7.5CVSS0.00442EPSS
Exploits0References1
OSV
OSV
added 2022/09/13 11:15 p.m.6 views

CVE-2022-38771

The mobile application in Transtek Mojodat FAM Fixed Asset Management 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request...

9.8CVSS5.8AI score0.01017EPSS
Exploits0References2
Rows per page
Query Builder