Lucene search
K

88 matches found

Prion
Prion
added 2023/04/04 11:15 p.m.14 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/04/04 12:0 a.m.53 views

CVE-2023-0738

CVE-2023-0738 relates to OrangeScrum 2.0.11, where an external attacker can obtain arbitrary user accounts. The root cause described across sources is that the application returns malicious user input in responses with content-type text/html, enabling account disclosure via a reflected/input-outp...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.20 views

CVE-2023-0738

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.30 views

SUSE CVE-2016-5303

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

6.1CVSS6AI score0.01509EPSS
Exploits0References3
OSV
OSV
added 2023/02/09 4:15 p.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.8AI score0.00486EPSS
Exploits1References2
NVD
NVD
added 2023/02/09 4:15 p.m.13 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2
Prion
Prion
added 2023/02/09 4:15 p.m.12 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

5.8CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/02/09 12:0 a.m.41 views

CVE-2023-0624

OrangeScrum 2.0.11 is affected by a cross-site scripting vulnerability described across multiple sources. The root cause, as stated, is that the application returns malicious user input in responses with a content-type of text/html, which can allow an external attacker to obtain arbitrary user ac...

6.1CVSS6.2AI score0.00486EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/09 12:0 a.m.14 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

6.4AI score0.00486EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.36 views

CVE-2022-43996

The csafprovider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories a...

5.5AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/12/13 12:0 a.m.5 views

csaf_distribution 跨站脚本漏洞

csafdistribution is csaf-poc open source set of csaf tools. csafdistribution csafprovider versions prior to 0.8.2 has a security vulnerability , the vulnerability stems from its allows an attacker to achieve cross-site scripting through a well-crafted CSAF document uploaded as text/html...

5.4CVSS5.4AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2022/08/08 6:30 a.m.7 views

USN-5182-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...

9.8CVSS7.3AI score0.84456EPSS
Exploits7References13
Github Security Blog
Github Security Blog
added 2022/05/14 3:45 a.m.22 views

Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1CVSS6.3AI score0.00844EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/13 1:9 a.m.30 views

GHSA-5WQF-H3R3-GXVH Uncontrolled Resource Consumption in Apache CXF

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service memory consumption via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error...

4.3CVSS8.7AI score0.03644EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2022/04/05 6:30 p.m.28 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus

Impact Unauthorized JavaScript can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy header, which in turn allows the file to run an...

8.8CVSS0.1AI score0.01018EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.6 views

PrestaShop 跨站脚本漏洞

Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop that stems from PrestaShop before 1.5.2 that allows XSS via the...

6.1CVSS6.2AI score0.00796EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/06/22 6:28 p.m.26 views

Nextcloud: ApiService#fetch serves content as text/html and inline Content-Disposition

https://github.com/nextcloud/text/blame/0bc7c3300607d57ee512dbf61497daec23961a12/lib/Service/ApiService.phpL109-L120 Impact XSS...

4.3CVSS1.1AI score0.01106EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/02/09 12:0 a.m.7 views

PT-2021-17175 · Discord · Probot

Name of the Vulnerable Software and Affected Versions: ProBot bot through 2021-02-08 for Discord Description: The issue allows attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature, or possibly have unspecified other impact, because the...

9.8CVSS7.9AI score0.02585EPSS
Exploits2References6
BDU FSTEC
BDU FSTEC
added 2021/01/13 12:0 a.m.6 views

The vulnerability of Firefox browsers, Firefox ESR, and the Thunderbird email client is related to the lack of protective measures for website structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerabilities of Firefox browsers, Firefox ESR, and the email client Thunderbird are related to the lack of security measures for handling web page structures. Exploiting these vulnerabilities allows a remote attacker to perform cross-site scripting attacks by redirecting users to the...

6.1CVSS7AI score0.01546EPSS
Exploits1References15Affected Software9
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/17 10:37 a.m.11 views

Security Bulletin: IBM Cloud Functions web actions API endpoint change

Summary In order to improve the stability of the service and to prevent potential weaknesses in the services' web actions functionality we introduced a new IBM Cloud Functions API endpoint .functions.appdomain.cloud for web actions which use text/html response data. The previously used API endpoi...

1.5AI score
Exploits0Affected Software1
Rows per page
Query Builder