Lucene search
K

182 matches found

Cvelist
Cvelist
added 2021/01/13 3:49 p.m.22 views

CVE-2021-23899

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...

9.6AI score0.02068EPSS
Exploits0References3
CVE
CVE
added 2020/12/28 11:30 p.m.78 views

CVE-2020-26287

Summary (CVE-2020-26287) : HedgeDoc prior to version 1.7.1 is vulnerable to cross-site scripting through injection of arbitrary [removed] tags in notes created via mermaid diagrams. The underlying issue stems from a permissive content security policy that allowed loading scripts from certain orig...

8.7CVSS8.9AI score0.01446EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2020/12/18 8:15 a.m.1 views

DEBIAN-CVE-2020-35478

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink. This affects MediaWiki 1.33.0 and later...

6.1CVSS6.3AI score0.01353EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/12/01 12:0 a.m.6 views

The vulnerability of the user interface of Cisco Webex Meetings software allows attackers to perform cross-site scripting attacks.

The vulnerability of the user interface of Cisco Webex Meetings software relates to the lack of measures taken to eliminate script-related tags on web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.1CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/11/18 12:0 a.m.4 views

The vulnerability in the web interface of the Cisco Webex Teams collaboration software allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Cisco Webex Teams software interface relates to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

5.5CVSS5.2AI score0.00771EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/09/30 8:15 p.m.32 views

CVE-2020-25626

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...

6.1CVSS6.3AI score0.01286EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.7 views

The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.

The vulnerability of the WordPress website content management system is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows a malicious actor to compromise data integrity...

6.5CVSS6.4AI score0.02805EPSS
Exploits0References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.5 views

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform allows attackers to execute cross-site scripting attacks.

The vulnerability of the Knowledge Management component of the SAP NetWeaver software integration platform is related to the failure to remove script-related tags from web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

10CVSS6.3AI score0.01449EPSS
Exploits0References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.8 views

The vulnerability of the WordPress website content management system lies in the lack of measures to eliminate script-related HTML tags on web pages, allowing attackers to compromise data integrity.

The vulnerability of the WordPress website content management system is related to the failure to remove scipt-related HTML tags from web pages. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...

6.5CVSS6.6AI score0.03625EPSS
Exploits0References6Affected Software3
Positive Technologies
Positive Technologies
added 2020/06/12 12:0 a.m.3 views

PT-2020-3636 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.4.2 WordPress versions 3.7.34 through 5.3.4 Description: The issue is related to the lack of neutralization of script-related HTML tags on a web page, which can be exploited by a remote attacker to compromise dat...

9.8CVSS5.3AI score0.0451EPSS
Exploits0References43
OSV
OSV
added 2020/05/19 9:15 p.m.6 views

UBUNTU-CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.1CVSS6.8AI score0.06273EPSS
Exploits4References3
Snyk
Snyk
added 2020/05/19 11:26 a.m.4 views

Cross-site Scripting (XSS)

Overview jquery is a package that makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting XSS. load fail...

6.1CVSS8.4AI score0.06273EPSS
Exploits4References2
WPVulnDB
WPVulnDB
added 2020/03/27 12:0 a.m.4 views

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. PoC A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then...

1.1AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2020/03/27 12:0 a.m.17 views

CM Pop-Up banners < 1.4.11 - Authenticated Stored XSS

When saving a new campaign, a user with editpages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website. A user with the editpages capability can store any script in the pop-up's content. The content is serialized and then save...

7.4AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/12/27 12:0 a.m.6 views

The vulnerability of the IBM QRadar SIEM system for event collection and analysis arises from the failure to implement measures to neutralize script-related tags. This allows attackers to disclose protected information.

The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the failure to implement measures to neutralize script-related tags. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

5.5CVSS5.9AI score0.0066EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2018/11/09 5:45 p.m.27 views

Cross-Site Scripting (XSS) in restify

Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response: alert73541;...

6.1CVSS1.2AI score0.00966EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2018/06/26 4:29 p.m.21 views

Session fixation

aio-libs aiohttp-session contains a Session Fixation vulnerability in loadsession function for RedisStorage see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttpsession/redisstorage.pyL42 that can result in Session Hijacking. This attack appear to be exploitable via Any method that...

4.3CVSS6.4AI score0.01181EPSS
Exploits1References2
NVD
NVD
added 2018/06/04 7:29 p.m.15 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.1CVSS6.2AI score0.00966EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.17 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.2AI score0.00966EPSS
Exploits1References2
exploitpack
exploitpack
added 2018/05/18 12:0 a.m.21 views

Monstra CMS 3.0.4 - Cross-Site Scripting (2)

Monstra CMS 3.0.4 - Cross-Site Scripting 2 Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting Date: 2018-05-17 Exploit Author: Berk Dusunur Vendor Homepage: https://monstra.org Software Link: https://monstra.org Version: before 3.0.4 Tested on: Pardus / Win10 AppServer Proof Of Concept Monst...

6.8AI score
Exploits0
Rows per page
Query Builder