Lucene search
+L

80 matches found

NVD
NVD
added 2021/04/06 4:15 p.m.38 views

CVE-2021-30140

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...

5.4CVSS0.0136EPSS
Exploits3References5
Prion
Prion
added 2021/04/06 4:15 p.m.15 views

Cross site scripting

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...

3.5CVSS5AI score0.0136EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2021/04/06 3:46 p.m.38 views

CVE-2021-30140

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...

5.4CVSS5.3AI score0.0136EPSS
Exploits3References5
CNVD
CNVD
added 2020/06/23 12:0 a.m.9 views

Verint Workforce Optimization (WFO) Injection Vulnerability

Verint Workforce Optimization is a unified suite of software and services for capturing interactions and managing employee performance across an enterprise or target area. A security vulnerability exists in Verint Workforce Optimization WFO version 15.2. An attacker could exploit the vulnerabilit...

5.4CVSS6.6AI score0.00979EPSS
Exploits1References1
OSV
OSV
added 2020/06/22 6:15 p.m.5 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

5.4CVSS6.1AI score0.00979EPSS
Exploits1References3
NVD
NVD
added 2020/06/22 6:15 p.m.21 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

5.4CVSS0.00979EPSS
Exploits1References3
Prion
Prion
added 2020/06/22 6:15 p.m.15 views

Design/Logic Flaw

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

3.5CVSS5.7AI score0.00979EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/06/22 5:31 p.m.29 views

CVE-2020-13480

Verint Workforce Optimization WFO 15.2 allows HTML injection via the "send email" feature...

5.7AI score0.00979EPSS
Exploits1References3
CVE
CVE
added 2020/06/22 5:31 p.m.44 views

CVE-2020-13480

The connected records confirm CVE-2020-13480 affects Verint Workforce Optimization (WFO) version 15.2 and is caused by HTML injection via the Send Email feature. The vulnerability details indicate an injection in a functional path that could affect email composition/handling within WFO. No exploi...

5.4CVSS5.7AI score0.00979EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/10/25 5:15 p.m.5 views

CVE-2019-4394

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232...

2.3CVSS5.8AI score0.00285EPSS
Exploits0References2
Prion
Prion
added 2019/10/11 11:15 p.m.12 views

Server side request forgery (ssrf)

sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...

5CVSS7.3AI score0.16948EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2019/10/11 11:15 p.m.7 views

PYSEC-2019-151

sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent ...

7.5CVSS7.1AI score0.16948EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2019/10/11 12:0 a.m.5 views

PT-2019-8550 · Graphite +2 · Graphite +2

Name of the Vulnerable Software and Affected Versions: Graphite versions through 1.1.5 Graphite version 1.1.5 Description: The send email function in graphite-web/webapp/graphite/composer/views.py is vulnerable to Server-Side Request Forgery SSRF. An attacker can use the vulnerable SSRF endpoint ...

8.7CVSS5.5AI score0.16948EPSS
Exploits4References40
OSV
OSV
added 2018/07/25 11:29 p.m.8 views

CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

6.1CVSS5.8AI score0.01255EPSS
Exploits2References2
Vulnerability Lab
Vulnerability Lab
added 2016/08/01 12:0 a.m.42 views

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

Document Title: =============== Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1882 Release Date: ============= 2016-08-01 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/07/31 12:0 a.m.24 views

Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities

Document Title: =============== Zoll ePCR v2.6.4 iOS - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1882 Release Date: ============= 2016-07-31 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/12/28 11:18 a.m.12 views

astana.gov.kz XSS vulnerability

Vulnerable URL: http://astana.gov.kz/kk/resetting/send-email Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Chec...

6.3AI score
Exploits0
CNVD
CNVD
added 2015/11/27 12:0 a.m.3 views

D-Link DIR-866L 'HNAP' and 'Send Email' Function Buffer Overflow Vulnerability

D-Link DIR-866L is a wireless router product from AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-866L. An attacker can exploit this vulnerability to execute arbitrary code in an affected application, which may also result in a denial of service...

8.1AI score
Exploits0References1
seebug.org
seebug.org
added 2015/11/25 12:0 a.m.17 views

D-Link DIR-615 PING和Send Email缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/11/22 12:0 a.m.4 views

D-Link DIR-615 'PING' and 'Send Email' Buffer Overflow Vulnerability

The D-Link DIR-615 is a wireless router product from AUO. A buffer overflow vulnerability exists in the D-Link DIR-615 'PING' and 'Send Email', which allows remote attackers to exploit the vulnerability to submit a special request to crash the service...

7.5AI score
Exploits0References1
Rows per page
Query Builder