Lucene search
+L

119 matches found

CNNVD
CNNVD
added 2022/08/23 12:0 a.m.11 views

YetiForceCrm 跨站脚本漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from a link field that allows users to create RSS feeds without properly sanitizing the input data from an external...

8.8CVSS4.8AI score0.00688EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:25 p.m.2 views

Malicious code in syndication-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1bc55bcb56f68bef6949a6b60ac49ec1b4039e609d7489b9fdae072db22c3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:25 p.m.7 views

MAL-2022-6391 Malicious code in syndication-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d1bc55bcb56f68bef6949a6b60ac49ec1b4039e609d7489b9fdae072db22c3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/02 5:15 a.m.4 views

CVE-2022-29969

The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true...

6.1CVSS6.3AI score0.00681EPSS
Exploits1References3
CNVD
CNVD
added 2019/10/23 12:0 a.m.5 views

WordPress syndication-links plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. syndication-links is used in one of the page links to add plug-ins. WordPress syndication-links plugin version 1.0.3 before the...

6.1CVSS6.3AI score0.01011EPSS
Exploits2References1
NVD
NVD
added 2019/10/22 8:15 p.m.21 views

CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...

6.1CVSS6.1AI score0.01011EPSS
Exploits2References2
Prion
Prion
added 2019/10/22 8:15 p.m.13 views

Design/Logic Flaw

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...

4.3CVSS6.1AI score0.01011EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/10/22 7:24 p.m.23 views

CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier...

6.1AI score0.01011EPSS
Exploits2References2
CVE
CVE
added 2019/10/22 7:24 p.m.120 views

CVE-2015-9495

The CVE-2015-9495 vulnerability affects the WordPress plugin syndication-links up to version 1.0.2 (before 1.0.3). The root cause is an XSS flaw via the genericons/example.html anchor identifier, enabling injection of client-side script in the browser. Impact is described as partial integrity imp...

6.1CVSS6AI score0.01011EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/06/21 12:0 a.m.4 views

PT-2019-12278 · Microsoft · Blogengine.Net

Name of the Vulnerable Software and Affected Versions: BlogEngine.NET versions 3.3.7 and earlier Description: The issue allows for an out-of-band XML External Entity XXE attack via an apml file to the "syndication.axd" API endpoint. This can potentially lead to unauthorized access to sensitive...

7.5CVSS7.1AI score0.01582EPSS
Exploits1References5
0day.today
0day.today
added 2018/09/16 12:0 a.m.60 views

MyBB 1.8.17 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS...

0.1AI score0.02261EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/09/12 12:0 a.m.26 views

MyBB 1.8.17 Cross Site Scripting

Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...

6.3AI score0.02261EPSS
Exploits5
exploitpack
exploitpack
added 2018/09/12 12:0 a.m.61 views

MyBB 1.8.17 - Cross-Site Scripting

MyBB 1.8.17 - Cross-Site Scripting Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS...

4.3CVSS6.1AI score0.02261EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/09/12 12:0 a.m.37 views

MyBB 1.8.17 - Cross-Site Scripting

Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...

6.1CVSS6.3AI score0.02261EPSS
Exploits5
NVD
NVD
added 2018/08/28 7:29 p.m.24 views

CVE-2018-15596

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

6.1CVSS6.2AI score0.02261EPSS
Exploits5References2
OSV
OSV
added 2018/08/28 7:29 p.m.6 views

CVE-2018-15596

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

6.1CVSS5.8AI score0.02261EPSS
Exploits5References2
Prion
Prion
added 2018/08/28 7:29 p.m.13 views

Cross site scripting

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

4.3CVSS6.1AI score0.02261EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2018/08/28 7:0 p.m.63 views

CVE-2018-15596

CVE-2018-15596 affects MyBB 1.8.17 via the RSS Syndication page where inc/class_feedgeneration.php generates XML with thread titles that are not sanitized, enabling Cross-Site Scripting (XSS). The vulnerability arises from unsanitized title elements in the Atom/RSS feed generated at /syndication....

6.1CVSS6.1AI score0.02261EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/08/28 7:0 p.m.31 views

CVE-2018-15596

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

6.1AI score0.02261EPSS
Exploits5References2
RedHat Linux
RedHat Linux
added 2018/01/08 4:49 a.m.6 views

Mozilla: Local path string can be leaked from RSS feed

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

4.3CVSS7.3AI score0.01648EPSS
Exploits0References5
Rows per page
Query Builder