Lucene search
K

260 matches found

OSV
OSV
added 2022/02/04 9:15 p.m.9 views

CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client...

5.3CVSS5.1AI score
Exploits0References3
CNVD
CNVD
added 2022/01/28 12:0 a.m.19 views

SPIP SVG Cross-Site Scripting Vulnerability

SPIP is a Web-based content publishing system. A cross-site scripting vulnerability exists in SPIP, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to execute client-side code...

5.4CVSS2.2AI score0.00772EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/28 12:0 a.m.97 views

SPIP interfaces.php cross-site scripting vulnerability

SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP, which stems from a lack of proper validation of client-side data in the interfaces.php component of the WEB application. An attacker could exploit this vulnerability to execute client-side code...

5.4CVSS2.2AI score0.00628EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.6 views

livehelperchat 跨站脚本漏洞

livehelperchat is available through Live Helper Chat, which provides free live support on the website. livehelperchat suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

6.5CVSS5.4AI score0.0064EPSS
Exploits1References3
CNVD
CNVD
added 2022/01/27 12:0 a.m.13 views

ForestBlog Cross-Site Scripting Vulnerability

ForestBlog is an application. A personal blog. ForestBlog suffers from a cross-site scripting vulnerability that stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit the vulnerability to execute JavaScript code on the client side...

6.1CVSS6AI score0.00588EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/26 12:0 a.m.15 views

YetiForceCrm Cross-Site Request Forgery Vulnerability (CNVD-2022-08153)

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site request forgery vulnerability exists in YetiForceCrm prior to version 6.3.0, which stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit this...

8CVSS7.7AI score0.00531EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/26 12:0 a.m.5 views

livehelperchat 跨站脚本漏洞

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. Livehelperchat has a cross-site scripting vulnerability in version 3.93 that stems from the lack of proper validation of client-side data in the WEB application. An attacker can...

6.5CVSS5.4AI score0.00687EPSS
Exploits1References3
CNVD
CNVD
added 2022/01/26 12:0 a.m.20 views

Construction Industry Solutions Conis Construction Cloud跨站脚本漏洞

Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. A cross-site scripting vulnerability exists in Construction Industry Solutions Conis Construction Cloud, which stems from the lack of proper...

6.1CVSS1.8AI score0.01085EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.14 views

showdoc cross-site scripting vulnerability

showdoc is an open source tool ideal for IT teams to share documents online. showdoc suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to execute client-side code...

6.5CVSS4.1AI score0.00642EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.20 views

AppCMS Cross-Site Scripting Vulnerability (CNVD-2022-08032)

AppCMS is a content management system CMS for mobile application downloads. a cross-site scripting vulnerability exists in AppCMS, which stems from the lack of proper validation of client-side data in the WEB application. An attacker could exploit this vulnerability to execute client-side code...

6.1CVSS3.4AI score0.02542EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.5 views

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki ShortDescription A cross-site scripting vulnerability exists that stems from a lack of...

6.1CVSS6.1AI score0.01EPSS
Exploits1References5
CNVD
CNVD
added 2022/01/24 12:0 a.m.26 views

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07497)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications. pimcore has a cross-site scripting...

6.6CVSS2.3AI score0.01456EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.6 views

YetiForceCrm 跨站请求伪造漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site request forgery vulnerability exists in YetiForceCrm prior to version 6.3.0, which stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit this...

8CVSS5.9AI score0.00531EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.8 views

Construction Industry Solutions Conis Construction Cloud 跨站脚本漏洞

Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. A cross-site scripting vulnerability exists in Construction Industry Solutions Conis Construction Cloud, which stems from the lack of proper...

6.1CVSS5.3AI score0.01085EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/21 12:0 a.m.21 views

pimcore Cross-Site Scripting Vulnerability (CNVD-2022-07500)

Pimcore is an open source Web content management platform for creating and managing Web applications from the Austrian company Pimcore. The platform integrates Web content management, e-commerce frameworks and product information management applications.Pimcore has cross-site scripting...

6.6CVSS3.3AI score0.0154EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/18 12:0 a.m.16 views

WordPress WP Booking System plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress WP Booking System plugin has a cross-site scripting vulnerability in versions prior to 2.0.15...

5.4CVSS1.7AI score0.00675EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/01/13 12:0 a.m.5 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. GitLab suffers from a cross-site scripting vulnerability that stems from the la...

8.7CVSS6.7AI score0.01042EPSS
Exploits0References6
CNVD
CNVD
added 2022/01/12 12:0 a.m.17 views

keystone cross-site scripting vulnerability

Keystone is one of the most powerful Node.js headless Cms. used to help you build and scale faster than any other Cms or application framework. keystone suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in web applications. An...

7.1CVSS3.5AI score0.02601EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/10 12:0 a.m.24 views

github-readme-stats cross-site scripting vulnerability

github-readme-stats is an open source project. github-readme-stats suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by WEB applications, which can be exploited by attackers to execute client-side code...

6.1CVSS3.9AI score0.00628EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/07 12:0 a.m.21 views

Sourcecodester Vehicle Service Management System Cross-Site Scripting Vulnerability (CNVD-2022-02806)

Sourcecodester Vehicle Service Management System is an open source PHP project. Sourcecodester Vehicle Service Management System has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers t...

4.8CVSS3.5AI score0.01142EPSS
Exploits1References1
Rows per page
Query Builder