Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:7 a.m.11 views

CVE-2019-20443

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting XSS vulnerability in mediaType has been identified in the registry UI...

4.8CVSS5.6AI score0.008EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-47513

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-54046

Malicious code in bioql PyPI...

6.1CVSS4.8AI score0.00542EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/29 12:0 a.m.3 views

CVE-2025-52358

A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...

5.9AI score0.00277EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/12 12:28 a.m.11 views

CVE-2025-28245

Cross-site scripting XSS vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body...

6.1CVSS5.6AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 a.m.11 views

CVE-2019-0874

A Cross-site Scripting XSS vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'...

6.1CVSS5.9AI score0.01983EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:7 a.m.10 views

CVE-2017-20115

A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting Reflected. The attack may be initiated remotely. The exploit...

5.4CVSS6.1AI score0.00577EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/03/31 12:0 a.m.11 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : RabbitMQ Server vulnerability (USN-7399-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7399-1 advisory. It was discovered that RabbitMQ Server's management UI did not sanitize certain input. An attacker could possibly use this issue t...

6.1CVSS6.1AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2025/03/07 3:36 p.m.82 views

CVE-2025-27518

CVE-2025-27518 affects Cognita (the RAG framework) backend server. The issue is an insecure CORS configuration that allows arbitrary websites to send cross-site requests to the Cognita application. Root cause: misconfigured CORS on the backend. Reported impact is that cross-origin requests could ...

6.9CVSS6.8AI score0.00457EPSS
Exploits0References3
NVD
NVD
added 2025/03/03 8:15 p.m.15 views

CVE-2024-51942

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...

4.8CVSS0.00245EPSS
Exploits0References1
CVE
CVE
added 2024/12/18 12:0 a.m.53 views

CVE-2024-55492

CVE-2024-55492 affects Winmail Server 4.4. The issue is a cross-site scripting (XSS) vulnerability via the f_user parameter containing a payload like %22%3E%3Csvg%20onload. Documented CVSS v3.1 base score 6.1 (Medium) with network attack vector, required user interaction, and changed scope; confi...

6.1CVSS6.2AI score0.00273EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/12/16 12:0 a.m.53 views

CVE-2024-55554

Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. Affected component: portal server web UI; root cause: input in portlet not properly sanitized. Impact: cross-site scripting with network access, requiring user interaction; CVSSv3.1 base score 5.4 (MEDIUM). Remediation: up...

5.4CVSS5.9AI score0.00218EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.13 views

WordPress WP Cloud Server Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Cloud Server Type Plugin Vulnerable versions = 1.3.0 Fixed in 2.0.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 8cdd8c408320 Credits Rafie Muhammad Patchstack Required...

6.2AI score0.00284EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/07/11 1:16 a.m.6 views

CVE-2021-29103 There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below.

A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...

6.1CVSS6.8AI score0.00744EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2021/07/11 1:11 a.m.7 views

CVE-2021-29105 There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below.

A stored Cross Site Scripting XSS vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory...

5.4CVSS5.4AI score0.00602EPSS
Exploits0References1
NVD
NVD
added 2020/02/17 7:15 p.m.21 views

CVE-2015-5215

The default configuration of the Jinja templating engine used in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via template variables. NOTE: This may be a duplica...

6.1CVSS5.9AI score0.01069EPSS
Exploits0References4
Cvelist
Cvelist
added 2018/02/14 12:0 p.m.26 views

CVE-2018-2383

Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

6.1AI score0.00654EPSS
Exploits0References2
CNVD
CNVD
added 2017/12/22 12:0 a.m.6 views

Trend Micro Smart Protection Server Cross-Site Scripting Vulnerability

Trend Micro Smart Protection Server is the next generation of cloud-based advanced protection solutions. Trend Micro Smart Protection Server suffers from a cross-site scripting vulnerability that could allow an attacker to steal cookie authentication credentials, execute arbitrary scripts, and mo...

6.1CVSS6.7AI score0.03036EPSS
Exploits5References1
Gentoo Linux
Gentoo Linux
added 2005/07/04 12:0 a.m.42 views

WordPress: Multiple vulnerabilities

Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...

7.5CVSS7AI score0.79071EPSS
Exploits5
exploitpack
exploitpack
added 2004/07/17 12:0 a.m.17 views

Merak Mail Server 7.4.5 - settings.html Multiple Cross-Site Scripting Vulnerabilities

Merak Mail Server 7.4.5 - settings.html Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site...

Exploits0
Rows per page
Query Builder