
17 matches found

Snyk
added 2026/05/28 1:39 p.m., 9 views

Malicious Package

Overview @databus-service-ui/scroll-up-content is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/25 6:12 p.m., 10 views

Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

AI score: 6.4
Exploits: 0, References: 2

OSV
added 2026/05/25 6:12 p.m., 9 views

MAL-2026-4351 Malicious code in @databus-service-ui/ui-event (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b82b3af71dce087a185cffa6f3691ad5a4e4c3d9e35154070ef4ad0dd4f15b10 scripts/postinstall.js performs two install-time attacks against any machine that runs npm install. 1 Credential exfiltration: it iterates process.en...

AI score: 6.4
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-6586

Malware in sbrugna...

CVSS: 6.5, AI score: 6, EPSS: 0.00934
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2014-0970

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.01161
Exploits: 0, References: 6

Tenable Nessus
added 2025/03/20 12:0 a.m., 10 views

RHEL 7 : Red Hat CloudForms (RHSA-2018:0380)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0380 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

CVSS: 6.5, AI score: 6.5, EPSS: 0.02231
Exploits: 0, References: 329

OpenVAS
added 2019/06/07 12:0 a.m., 31 views

Ubuntu: Security Advisory (USN-3991-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8, AI score: 8.1, EPSS: 0.09393
Exploits: 6, References: 3

Veracode
added 2019/01/15 9:20 a.m., 29 views

Cross-site Scripting (XSS)

cloudforms is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as a flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute...

CVSS: 6.5, AI score: 4.9, EPSS: 0.00934
Exploits: 0, References: 327, Affected Software: 30

Prion
added 2018/07/27 3:29 p.m., 27 views

Cross site scripting

A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CS...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00934
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2018/07/27 3:0 p.m., 92 views

CVE-2017-15125

CloudForms is affected by CVE-2017-15125 due to a stored XSS flaw in the self-service UI snapshot feature where the name field is not properly sanitized for HTML/JavaScript input. An attacker could exploit this to execute a stored XSS attack against an application administrator; CSP mitigates the...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00934
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2014/10/07 10:55 a.m., 15 views

CVE-2014-0940

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

CVSS: 4.3, AI score: 5.5, EPSS: 0.01161
Exploits: 0, References: 5

Prion
added 2014/10/07 10:55 a.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

CVSS: 4.3, AI score: 5.8, EPSS: 0.01161
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2014/10/07 10:0 a.m., 20 views

CVE-2014-0940

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) REST API or (2) Self Service UI...

AI score: 5.5, EPSS: 0.01161
Exploits: 0, References: 5

NVD
added 2009/09/18 9:30 p.m., 16 views

CVE-2009-3262

Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...

CVSS: 3.5, AI score: 5.1, EPSS: 0.00833
Exploits: 1, References: 3

Prion
added 2009/09/18 9:30 p.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...

CVSS: 3.5, AI score: 5.5, EPSS: 0.00833
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2009/09/18 9:0 p.m., 17 views

CVE-2009-3262

Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile...

AI score: 5.1, EPSS: 0.00833
Exploits: 1, References: 3

Cvelist
added 2009/07/05 4:0 p.m., 24 views

CVE-2009-2316

Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also...

AI score: 5.6, EPSS: 0.01707
Exploits: 0, References: 13