149 matches found

Veracode
added 2022/02/14 10:31 a.m., 39 views

Arbitrary Code Execution

vm2 is vulnerable to arbitrary code execution. Remote attackers are able to inject and execute crafted malicious scripts on the host machine via direct access to host error objects generated by node internals during generation of stack traces...

9.8 CVSS, 5.8 AI score, 0.02876 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2021/12/14 3:50 p.m., 9 views

CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting

The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS, 6.1 AI score, 0.00757 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2021/12/14 3:50 p.m., 4 views

CVE-2021-42367 Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the /includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization...

6.4 CVSS, 5.9 AI score, 0.00531 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2021/09/10 1:34 p.m., 3 views

CVE-2021-38336 Edit Comments XT <= 1.0 Reflected Cross-Site Scripting

The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...

6.1 CVSS, 6.1 AI score, 0.00866 EPSS
Exploits: 1, References: 2
Cvelist
added 2021/07/19 12:5 p.m., 25 views

CVE-2021-3279

sz.chat version 4 allows injection of web scripts and HTML in the message box...

6.7 AI score, 0.00839 EPSS
Exploits: 1, References: 2
NVD
added 2019/06/20 4:15 p.m., 19 views

CVE-2018-16248

b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...

6.1 CVSS, 6 AI score, 0.00996 EPSS
Exploits: 1, References: 1
CVE
added 2014/03/05 11:0 a.m., 49 views

CVE-2013-6320

CVE-2013-6320 is an XSS vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), and in Algo Security Access Control Management (ACSWeb in Algo) (4.7.0–4.9.0) and AlgoWebApps (5.0.0). The underlying issue is a cross-site scripting flaw that allows remote authen...

3.5 CVSS, 5 AI score, 0.00765 EPSS
Exploits: 1, References: 2, Affected Software: 1
seebug.org
added 2008/10/15 12:0 a.m., 45 views

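Cisco Unity Multiple Remote Security Vulnerabilities

BUGTRAQ ID: 31642. CVE(CAN) ID: CVE-2008-4545, CVE-2008-4544, CVE-2008-4543, CVE-2008-4542. Cisco Unity is a voice and unified messaging platform. Multiple security vulnerabilities exist in Cisco Unity that may allow malicious users to disclose sensitive information, cause a denial of service, or inject malicious scripts. 1. A cross-site scripting vulnerability exists in Cisco Unity: a remote attacker can supply malicious data to the database, and the cross-site script executes the next time an administrator logs in and visits a page that relies on the stored information. 2...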

7.1 CVSS, 6.4 AI score, 0.02354 EPSS
Exploits: 1
NVD
added 2006/06/01 10:2 a.m., 19 views

CVE-2006-2751

Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the itemlist parameter in search.php...

4.3 CVSS, 5.8 AI score, 0.01299 EPSS
Exploits: 0, References: 6