
8 matches found

NVD
added 2024/04/17 7:15 p.m. | 9 views

CVE-2024-3323

Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, entici...

CVSS 8.3 | AI score 8.3 | EPSS 0.00078
Exploits: 0 | References: 1
CVE
added 2024/03/18 2:2 p.m. | 61 views

CVE-2024-2597

AMSS++ 4.31 is affected by an XSS vulnerability in the /amssplus/modules/book/main/bookdetail_school_person.php endpoint, via the b_id parameter. The issue arises from insufficient encoding of user-controlled input, allowing a remote attacker to craft a URL that could be delivered to an authentic...

CVSS 7.1 | AI score 6.3 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/01/26 9:18 a.m. | 20 views

CVE-2024-23887 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could...

CVSS 8.2 | AI score 7.2 | EPSS 0.0007
Exploits: 0 | References: 1
NVD
added 2024/01/26 9:15 a.m. | 9 views

CVE-2024-23856

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability cou...

CVSS 8.2 | AI score 7.2 | EPSS 0.00051
Exploits: 0 | References: 1
CVE
added 2024/01/26 9:14 a.m. | 46 views

CVE-2024-23878

CVE-2024-23878 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled input in the grnno parameter of /cupseasylive/grnprint.php. An attacker could entice an authenticated user to click a craf...

CVSS 8.2 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/01/26 9:5 a.m. | 44 views

CVE-2024-23859

CVE-2024-23859 affects Cups Easy (Purchase & Inventory) v1.0. The XSS flaw arises from insufficient encoding in the flatamount parameter of /cupseasylive/taxstructurelinecreate.php. A remote attacker could lure an authenticated user to a crafted URL and potentially steal session cookies (impactin...

CVSS 8.2 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/01/25 2:9 p.m. | 50 views

CVE-2024-23855

CVE-2024-23855 affects Cups Easy (Purchase & Inventory) version 1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs in multiple parameters, reachable via /cupseasylive/taxcodemodify.php. Exploitation could allow an attacker to lure...

CVSS 8.2 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2021/02/18 8:15 p.m. | 10 views

CVE-2020-35592

Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie...

CVSS 5.4 | EPSS 0.00172
Exploits: 1 | References: 2