Lucene search
K

377 matches found

CVE
CVE
added 2024/04/10 5:8 p.m.80 views

CVE-2024-1599

This CVE entry is rejected/not used and does not represent an active vulnerability.

5.3AI score
Exploits0
Packet Storm
Packet Storm
added 2024/03/26 12:0 a.m.279 views

LimeSurvey Community 5.3.32 Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...

7.2AI score0.00677EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2024/03/25 12:0 a.m.6 views

The vulnerability of the control interface for the Citrix SD-WAN software allows a hacker to disclose protected information.

The vulnerability of the Citrix SD-WAN network management software interface is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially crafted HTTP request...

6.5CVSS6.5AI score0.00368EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/03/02 3:15 a.m.1 views

CVE-2024-25063

Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to...

7.5CVSS5.8AI score0.00567EPSS
Exploits0References1
NVD
NVD
added 2024/03/02 3:15 a.m.17 views

CVE-2024-25064

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...

4.3CVSS4.5AI score0.00425EPSS
Exploits0References1
OSV
OSV
added 2024/03/02 3:15 a.m.4 views

CVE-2024-25064

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...

4.3CVSS5.8AI score0.00425EPSS
Exploits0References1
Prion
Prion
added 2024/03/02 3:15 a.m.20 views

Input validation

Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values...

4CVSS7.2AI score0.00425EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/03/02 2:54 a.m.105 views

CVE-2024-25063

CVE-2024-25063 affects HikCentral Professional (Hikvision). The issue is due to insufficient server-side validation (inadequate access control), potentially allowing an attacker to access URLs they should not reach. Public references in connected documents point to HikCentral Professional up to v...

7.5CVSS7.5AI score0.00567EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.6 views

PT-2024-2150 · Hikvision · Hikcentral Professional

Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, which could allow an attacker to gain access to certain URLs that they should not have access to. This is a...

7.8CVSS7.1AI score0.00567EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.4 views

PT-2024-2300 · Hikvision · Hikcentral Professional

Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, allowing an attacker with login privileges to access certain resources by changing parameter values. This could...

4.3CVSS7.2AI score0.00425EPSS
Exploits0References8
PyPA
PyPA
added 2024/01/23 11:15 p.m.6 views

PYSEC-2024-126

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS5.9AI score0.01448EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2024/01/23 11:15 p.m.31 views

Cross site scripting

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

4.9CVSS5.6AI score0.01448EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/01/23 10:49 p.m.42 views

CVE-2023-47115 Label Studio XSS Vulnerability on Avatar Upload

Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary...

7.1CVSS6.4AI score0.01448EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/23 12:0 a.m.3 views

PT-2024-13407 · Django +1 · Django +1

Name of the Vulnerable Software and Affected Versions: Label Studio versions prior to 1.9.2 Description: The issue is a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the...

7.1CVSS5.6AI score0.01448EPSS
Exploits1References11
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.5 views

WSO2 API Manager Security Vulnerability

WSO2 API Manager is an API lifecycle management solution from WSO2, Inc. A security vulnerability exists in WSO2 API Manager that stems from the lack of server-side input validation in the API Store...

5.3CVSS6.8AI score0.0052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-32784 · Wso2 · Wso2

Name of the Vulnerable Software and Affected Versions: WSO2 products affected versions not specified Description: The issue is related to a lack of server-side input validation in the Forum feature, which could allow API rating manipulation. Recommendations: At the moment, there is no information...

5.3CVSS5AI score0.0052EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/12/13 1:30 p.m.36 views

Stored XSS via SVG File Upload

Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Workaround Implement the server side file validation...

5.4CVSS6.8AI score0.00387EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/12/13 1:30 p.m.17 views

GHSA-6XMX-85X3-4CV2 Stored XSS via SVG File Upload

Impact A user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Workaround Implement the server side file validation...

4.6AI score0.00387EPSS
Exploits0References4
Prion
Prion
added 2023/12/12 8:15 p.m.18 views

Input validation

Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...

4.9CVSS7AI score0.00387EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/12 7:35 p.m.12 views

CVE-2023-49279 Umbraco CMS vulnerable to stored XSS via SVG File Upload

Umbraco is an ASP.NET content management system CMS. Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a...

3.7CVSS7.1AI score0.00387EPSS
Exploits0References2
Rows per page
Query Builder