Lucene search
K

106 matches found

CNVD
CNVD
added 2021/09/10 12:0 a.m.21 views

JEESNS Reflective Cross-Site Scripting Vulnerability (CNVD-2021-74052)

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the system error message text field...

6.1CVSS1.7AI score0.03162EPSS
Exploits1References1
OSV
OSV
added 2021/09/09 11:15 p.m.21 views

CVE-2020-19282

A reflected cross-site scripting XSS vulnerability in Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field...

6.1CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2021/09/09 10:10 p.m.79 views

CVE-2020-19282

Jeesns 1.4.2 is affected by a reflected cross-site scripting (XSS) vulnerability in the system error message text field. The issue allows an attacker to inject and execute arbitrary web scripts or HTML in a victim’s browser, potentially enabling session hijacking or data exposure. Root cause is a...

6.1CVSS5.8AI score0.03162EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/09/09 12:0 a.m.7 views

JEESNS 跨站脚本漏洞

JEESNS is a social management system developed on the JAVA enterprise platform. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the system error message text field...

6.1CVSS6AI score0.03162EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/09/09 12:0 a.m.7 views

PT-2021-10322

Name of the Vulnerable Software and Affected Versions: Jeesns version 1.4.2 Description: A reflected cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. This enables attackers to potentially steal...

6.1CVSS5.6AI score0.03162EPSS
Exploits1References7
NVD
NVD
added 2021/07/01 1:15 p.m.33 views

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

7.8CVSS0.01125EPSS
Exploits0References1
OSV
OSV
added 2021/07/01 1:15 p.m.4 views

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

7.5CVSS6AI score0.01125EPSS
Exploits0References1
Prion
Prion
added 2021/07/01 1:15 p.m.16 views

Code injection

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

7.8CVSS7.6AI score0.01125EPSS
Exploits0References1Affected Software22
CVE
CVE
added 2021/07/01 12:1 p.m.53 views

CVE-2021-27477

CVE-2021-27477 affects JTEKT TOYOPUC PLC family (PC10G-CPU, 2PORT-EFR, Plus CPU/EX/EX2, EFR/EFR2, 2P-EFR, PC10P-DP/DP-IO, Nano series, PC10PE/16/16P, PC10E, FL/ET-T-V2H, PC10B/PC10B-P, Nano CPU, PC10P, PC10GE and Plus variants). Root cause: improper restriction of operations within the bounds of ...

7.8CVSS7.6AI score0.01125EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/01 12:1 p.m.38 views

CVE-2021-27477

When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET,PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B,PC10B-P, Nano CPU, PC10P, and PC10GE receive an invalid frame,...

7.9AI score0.01125EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/07/01 12:0 a.m.5 views

PT-2021-17465 · Jtekt · Toyopuc Plc

Name of the Vulnerable Software and Affected Versions: JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus EFR, Plus EFR2, Plus 2P-EFR, PC10P-DP, PC10P-DP-IO, Plus BUS-EX, Nano 10GX, Nano 2ET, PC10PE, PC10PE-16/16P, PC10E, FL/ET-T-V2H, PC10B, PC10B-P, Na...

7.8CVSS7.5AI score0.01125EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/03/23 12:0 a.m.5 views

Grid Solutions GE MU320E 安全漏洞

The MU320E is a process interface unit from GE with integrated analog and digital merge interfaces. An elevation of privilege vulnerability exists in GE MU320E firmware prior to version 04A00.1. The vulnerability stems from a communication error in the file system. An attacker could exploit the...

7.8CVSS5.5AI score0.00233EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2020/10/29 3:28 p.m.12 views

Home Depot Confirms Data Breach in Order Confirmation SNAFU

Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information. After customers began reporting that they had received hundreds of emails from the home-improvement...

6.9AI score
Exploits0References11
Hacker One
Hacker One
added 2020/10/28 5:17 a.m.24 views

U.S. Dept Of Defense: System Error Reveals Sensitive SQL Call Data

Summary: If you attempt to login at https://███.mil/sso/LoginRequest.do using a very long username, the application will respond showing a stack trace information with sensitive SQL data call information. This reveals too much information about SQL calls to the database. Please see the attached P...

0.7AI score
Exploits0
OSV
OSV
added 2020/09/03 3:48 p.m.14 views

GHSA-23VW-MHV5-GRV5 Denial of Service in @hapi/hapi

Versions of @hapi/hapi prior to 18.4.1 or 19.1.1 are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/03 3:45 p.m.22 views

Denial of Service in @hapi/accept

Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...

2.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/03 3:45 p.m.15 views

GHSA-9VRW-M88G-W75Q Denial of Service in @hapi/accept

Versions of @hapi/accept prior to 3.2.4 or 5.0.1 are vulnerable to Denial of Service. The Accept-Encoding HTTP header parser has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. Because hapi rethrows system errors as opposed to...

7AI score
Exploits0References1
Veracode
Veracode
added 2020/02/18 6:5 a.m.8 views

Denial Of Service (DoS)

@hapi/ammo is vulnerable to denial of service DoS. The Range HTTP header parser causes the function to throw a system error when the header value is invalid, allowing an attacker to crash the application using a malicious header value...

2.8AI score
Exploits0
Node.js
Node.js
added 2020/02/17 2:19 p.m.17 views

Denial of Service

Overview Affected versions of @commercial/hapi are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the application will...

6.8AI score
Exploits0Affected Software1
Node.js
Node.js
added 2020/02/17 2:16 p.m.18 views

Denial of Service

Overview Versions of @hapi/hapi prior to 18.4.1 or 19.1.1 are vulnerable to Denial of Service. The CORS request handler has a vulnerability which will cause the function to throw a system error if the header contains some invalid values. If no unhandled exception handler is available, the...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder