3949 matches found

CVE
added 2023/08/02 12:0 a.m., 52 views

CVE-2022-46484

The CVE-2022-46484 entry affects Data Illusion Survey Software Solutions NGSurvey (NGSurvey) v2.4.28 and earlier. The vulnerability enables information disclosure by allowing attackers to view the access password, which in turn could be used to access and arbitrarily submit surveys. The connected...

CVSS 7.5, AI score 7.4, EPSS 0.00711
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/08/02 12:0 a.m., 23 views

CVE-2022-46485

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...

AI score 6.9, EPSS 0.01038
Exploits 1, References 1

Patchstack
added 2023/07/27 12:0 a.m., 20 views

WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)

Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...

CVSS 5.4, AI score 5.7, EPSS 0.00469
Exploits 2, References 3, Affected Software 1

SUSE CVE
added 2023/07/25 2:18 a.m., 2 views

SUSE CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 5.4, AI score 6.4, EPSS 0.0033
Exploits 0, References 3

OSV
added 2023/07/24 9:15 a.m., 2 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 5.4, AI score 5.3, EPSS 0.0033
Exploits 0, References 1

NVD
added 2023/07/24 9:15 a.m., 14 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 5.4, AI score 4.8, EPSS 0.0033
Exploits 0, References 1

UbuntuCve
added 2023/07/24 9:15 a.m., 31 views

CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 5.4, AI score 5.7, EPSS 0.0033
Exploits 0, References 1

OSV
added 2023/07/24 9:15 a.m., 2 views

UBUNTU-CVE-2023-38057

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 5.4, AI score 5.3, EPSS 0.0033
Exploits 0, References 2

Prion
added 2023/07/24 9:15 a.m., 25 views

Cross site scripting

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 4.9, AI score 5.3, EPSS 0.0033
Exploits 0, References 1, Affected Software 1

Cvelist
added 2023/07/24 8:27 a.m., 19 views

CVE-2023-38057 XSS stored in survey answers

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 4.1, AI score 5.5, EPSS 0.0033
Exploits 0, References 1

CVE
added 2023/07/24 8:27 a.m., 73 views

CVE-2023-38057

CVE-2023-38057 affects OTRS Survey modules: 7.0.x prior to 7.0.32, 8.0.x prior to 8.0.13, and the ((OTRS)) Community Edition Survey module from 6.0.x through 6.0.22. The vulnerability is caused by improper input validation in the survey module, allowing an attacker who has a link to a valid, unan...

CVSS 5.4, AI score 4.6, EPSS 0.0033
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2023/07/24 8:27 a.m., 16 views

CVE-2023-38057 XSS stored in survey answers

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...

CVSS 4.1, AI score 6.1, EPSS 0.0033
Exploits 0, References 1

Patchstack
added 2023/07/18 12:0 a.m., 5 views

WordPress Wadi Survey Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Wadi Survey Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 66a29d3b3fbb Credits Rafie Muhammad Patchstack Required...

AI score 6.3, EPSS 0.00284
Exploits 0, References 2, Affected Software 1

Patchstack
added 2023/07/17 12:0 a.m., 14 views

WordPress Quiz And Survey Master Plugin <= 8.1.10 is vulnerable to Broken Access Control

Software Quiz And Survey Master Type Plugin Vulnerable versions = 8.1.10 Fixed in 8.1.11 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-37984 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 046309de9fe7 Credits qilin99 Required...

AI score 6.3, EPSS 0.00377
Exploits 0, References 2, Affected Software 1

OSV
added 2023/07/07 8:15 p.m., 3 views

CVE-2023-20133

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events class...

CVSS 5.4, AI score 6, EPSS 0.00517
Exploits 0, References 1

Cvelist
added 2023/07/07 7:47 p.m., 24 views

CVE-2023-20133

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists because of insufficient validation of user-supplied input in Webex Events class...

CVSS 5.4, AI score 5.5, EPSS 0.00517
Exploits 0, References 1

Huntr
added 2023/06/29 8:52 a.m., 9 views

Unauthorized access to Survey menu entries

Description The application is not properly verifying the authorization of users accessing survey menu entries. Proof of Concept 1. Login as a user with limited privilege. In my case the user permission is set as follows and has no access to surveys. 2. Visit...

AI score 6.7
Exploits 0, References 1

Huntr
added 2023/06/28 10:17 p.m., 8 views

The user can put their survey in the survey groups even though this survey group is not in public mode

Description The user can put their survey in the survey groups even though this survey group is not in public mode Proof of Concept Step 1: The survey group SG03 isn't in public mode Step 2: In the "Survey groups" tab, User2 with only survey permission only sees the survey group Default Step ...

AI score 6.9
Exploits 0

Huntr
added 2023/06/28 12:48 p.m., 6 views

Stored XSS on Survey "Notification and data function"

Description Users with edit and update survey permission can perform an XSS Proof of Concept Log in with any user with this permission Update the "Send basic admin notification email to" field with this value test" Access the survey and the payload will be triggered...

AI score 6.8
Exploits 0

Malwarebytes
added 2023/06/27 2:0 a.m., 17 views

81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows

Seven months after ChatGPT burst into our lives, it seems the lustre of the chatbot-that's-going-to-change-everything is starting to fade. A new survey by Malwarebytes exposes deep reservations about ChatGPT, with optimism in startlingly short supply. Of the respondents familiar with ChatGPT: 81%...

AI score 7.1
Exploits 0