Lucene search
K

137 matches found

OSV
OSV
added 2023/03/06 6:30 p.m.36 views

GHSA-HFXP-J95J-CWRP uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.8CVSS4.5AI score0.00398EPSS
Exploits1References4
NVD
NVD
added 2023/03/06 4:15 p.m.34 views

CVE-2023-1197

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.8CVSS4.5AI score0.00398EPSS
Exploits1References2
Prion
Prion
added 2023/03/06 4:15 p.m.13 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

5.4CVSS4.9AI score0.00398EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/06 12:0 a.m.4 views

CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.3CVSS6.2AI score0.00398EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/06 12:0 a.m.35 views

CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.3CVSS5.2AI score0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/03/06 12:0 a.m.1 views

PT-2023-16813 · Unknown · Uvdesk Community Skeleton

Name of the Vulnerable Software and Affected Versions: uvdesk/community-skeleton versions prior to 1.1.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which occurs when an application stores user input and later displays it without proper validation or escaping, allowing...

4.8CVSS4.2AI score0.00398EPSS
Exploits1References7
CVE
CVE
added 2023/03/06 12:0 a.m.80 views

CVE-2023-1197

CVE-2023-1197 is a Stored XSS vulnerability in uvdesk/community-skeleton prior to 1.1.0. Multiple sources describe the issue as a Stored XSS affecting the UVDesk Community Skeleton web app, with exploitation tied to storing and displaying unvalidated user input. The commonly cited remediation is ...

4.8CVSS4.5AI score0.00398EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/03/06 12:0 a.m.5 views

community-skeleton 跨站脚本漏洞

community-skeleton is a service-oriented, event-driven, extensible open source helpdesk system. A cross-site scripting vulnerability exists in community-skeleton versions prior to 1.1.0. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

4.8CVSS4.7AI score0.00398EPSS
Exploits1References3
OSV
OSV
added 2023/03/06 12:0 a.m.21 views

CVE-2023-1197 Cross-site Scripting (XSS) - Stored in uvdesk/community-skeleton

Cross-site Scripting XSS - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0...

4.3CVSS4.7AI score0.00398EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

5.8CVSS8.6AI score0.01407EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.4 views

SUSE CVE-2016-1567

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."...

8.1CVSS7.1AI score0.0264EPSS
Exploits1References2
OSV
OSV
added 2023/01/17 6:12 p.m.4 views

GSD-2023-1000801 selftests/bpf: Fix memory leak caused by not destroying skeleton

selftests/bpf: Fix memory leak caused by not destroying skeleton This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

7.2AI score
Exploits0
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.3 views

flask-mongo-skel 路径遍历漏洞

flask-mongo-skel is a Flask MongoDB framework from Shamail Tayyab's personal developer. flask-mongo-skel 2012-11-01 and earlier versions contain a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter resource or file paths for The vulnerability is...

9.3CVSS5.7AI score0.01242EPSS
Exploits1References2
OSV
OSV
added 2022/06/20 8:17 p.m.10 views

MAL-2022-4057 Malicious code in js-lib-skeleton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 300c23e0226af335d91bfff2ee623b8ef68db10029d130c174666ddd22860de4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:17 p.m.9 views

MAL-2022-6146 Malicious code in skeleton-js-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c2f3c9c7ce2f71199cea3f5c79c2259aa9f2125d429af0729153ca520c76eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:17 p.m.6 views

Malicious code in skeleton-js-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c2f3c9c7ce2f71199cea3f5c79c2259aa9f2125d429af0729153ca520c76eff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:13 p.m.11 views

MAL-2022-5493 Malicious code in protractor-skeleton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 398bc113b61996f88264d11340911401694d080a3831d6d91d2144c51c860a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:13 p.m.5 views

Malicious code in protractor-skeleton (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 398bc113b61996f88264d11340911401694d080a3831d6d91d2144c51c860a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/04/24 10:11 p.m.8 views

GSD-2022-1002099 libbpf: Fix possible NULL pointer dereference when destroying skeleton

libbpf: Fix possible NULL pointer dereference when destroying skeleton This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.110 by commit...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2019-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS7.5AI score0.37618EPSS
Exploits1References5
Rows per page
Query Builder