Lucene search
K

32 matches found

OSV
OSV
added 2024/01/18 7:15 p.m.7 views

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...

5.4CVSS5.8AI score0.01759EPSS
Exploits0References2
NVD
NVD
added 2024/01/18 7:15 p.m.22 views

CVE-2023-49943

Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...

5.4CVSS5.2AI score0.01759EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/01/18 12:0 a.m.7 views

PT-2024-13838 · Zoho · Zoho Manageengine Servicedesk Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14504 Description: The issue allows stored XSS via a task's name in a time sheet, which can be exploited by a low-privileged technician. Recommendations: For versions prior to 14504,...

5.4CVSS5.1AI score0.01759EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/12/18 12:0 a.m.6 views

ctrlo lenio 跨站脚本漏洞

lenio is an open source facility management system from ctrlo. A security vulnerability exists in ctrlo lenio that stems from an unknown section of its views/index.tt file that operates on the parameters task.name/task.site.org.name allowing attackers to implement cross-site scripting...

6.1CVSS5.6AI score0.00385EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.4 views

Jenkins Plugin eXtreme Feedback Panel 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS5.7AI score0.00668EPSS
Exploits0References5
Microsoft KB
Microsoft KB
added 2021/01/05 12:0 a.m.4 views

January 5, 2021, update for Project 2016 (KB4493159)

January 5, 2021, update for Project 2016 KB4493159 This article describes update 4493159 for Microsoft Project 2016 that was released on January 5, 2021.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

6.3AI score
Exploits0
CNNVD
CNNVD
added 2020/12/29 12:0 a.m.7 views

nopCommerce 跨站脚本漏洞

nopCommerce is a set of open source general e-commerce platform. A cross-site scripting vulnerability exists in nopCommerce Store version 4.30, which stems from the Schedule tasks name field not being effectively filtered for XSS statements. This vulnerability allows an attacker to inject an XSS...

4.8CVSS5.7AI score0.01082EPSS
Exploits3References2
Prion
Prion
added 2019/09/28 12:15 a.m.12 views

Design/Logic Flaw

DISPUTED Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them alread...

4.3CVSS5.9AI score0.00818EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2017/12/19 7:29 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...

3.5CVSS5.6AI score0.01056EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/12/19 7:29 p.m.19 views

CVE-2013-6465

Multiple cross-site scripting XSS vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...

5.4CVSS5.1AI score0.01056EPSS
Exploits0References3
NVD
NVD
added 2017/03/17 2:59 p.m.16 views

CVE-2015-3883

Multiple cross-site scripting XSS vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 searchkeywords parameter to index.php/users page; the 2 "Name of application" on index.php/configuration; 3 a new project name on index.php/projects; 4 the task na...

6.1CVSS6.1AI score0.00797EPSS
Exploits1References2
CNVD
CNVD
added 2015/04/14 12:0 a.m.5 views

Comala Workflows newtask.action taskName has multiple reflected cross-site scripting vulnerabilities

Comala Workflows is a WEB-based application. Comala Workflows newtask.action script handles A cross-site scripting vulnerability exists in taskName, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...

6.3AI score
Exploits0References1
Rows per page
Query Builder