Lucene search
K

90 matches found

Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.5 views

PT-2022-24624 · Unknown · Common User Interface

Name of the Vulnerable Software and Affected Versions: Common User Interface Component affected versions not specified Description: The issue is related to some UI elements of the Common User Interface Component not properly sanitizing output, making them prone to output arbitrary HTML, which can...

6.1CVSS5.9AI score0.00271EPSS
Exploits0References3
CVE
CVE
added 2022/10/31 12:0 a.m.63 views

CVE-2022-3783

The CVE-2022-3783 issue affects node-red-dashboard, specifically the ui_text Format Handler’s file components/ui-component/ui-component-ctrl.js. The vulnerability enables cross-site scripting (XSS) and could be exploited remotely. Public references indicate a patch exists (patch SHA 9305d1a82f19b...

6.1CVSS4.8AI score0.00598EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.51 views

CVE-2022-3783 node-red-dashboard ui_text Format ui-component-ctrl.js cross site scripting

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

3.5CVSS6.2AI score0.00598EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2022/09/21 12:0 a.m.26 views

jenkins -- XSS vulnerability

Jenkins Security Advisory: Description High SECURITY-2886 / CVE-2022-41224 Jenkins 2.367 through 2.369 both inclusive does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI. This results in a stored cross-site scripting XSS vulnerability exploitable...

5.4CVSS0.4AI score0.0089EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/08/26 12:3 a.m.20 views

SmallRye Health UI Cross-site Scripting vulnerability

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS6.3AI score0.00442EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2022/08/25 7:36 p.m.24 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1AI score0.00442EPSS
Exploits0References2
NVD
NVD
added 2022/08/01 9:15 p.m.32 views

CVE-2022-31193

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...

7.1CVSS0.00579EPSS
Exploits0References3
NVD
NVD
added 2022/08/01 9:15 p.m.39 views

CVE-2022-31191

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI...

7.1CVSS0.00624EPSS
Exploits0References5
Prion
Prion
added 2022/08/01 9:15 p.m.19 views

Design/Logic Flaw

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5CVSS5.1AI score0.00582EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/01 8:30 p.m.38 views

CVE-2022-31192 Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item...

7.1CVSS6.1AI score0.00611EPSS
Exploits0References5
OSV
OSV
added 2022/08/01 8:25 p.m.34 views

CVE-2022-31193 URL Redirection to Untrusted Site in Dspace JSPUI

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a...

7.1CVSS6.3AI score0.00579EPSS
Exploits0References5
CVE
CVE
added 2022/08/01 8:20 p.m.96 views

CVE-2022-31189

The CVE-2022-31189 issue affects the DSpace JSPUI component. When an internal system error occurs in the JSPUI, the application exposes the entire exception stack trace, which can disclose sensitive information. Affected product: DSpace JSPUI (UI for the repository app). Root cause: unsealed erro...

5.3CVSS5.1AI score0.00582EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/23 12:0 a.m.9 views

The vulnerability of the UI & Visualization component of the Oracle Hyperion BI+ service allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the UI & visualization component of the Oracle Hyperion BI+ service exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information using the HTTP protocol...

4.3CVSS5.9AI score0.01093EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/20 8:20 p.m.4 views

MAL-2022-6944 Malicious code in visitor-ui-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f13a6c30831b007d0a2ad374f667a871ceda94737f3f1593edcc5f2b9fcd12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:20 p.m.4 views

Malicious code in visitor-ui-component-library (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95f13a6c30831b007d0a2ad374f667a871ceda94737f3f1593edcc5f2b9fcd12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:20 p.m.9 views

MAL-2022-6945 Malicious code in visitor-ui-component-library-icons (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3a49ce3e79a28efd550ad3f4e2395fef81eb43c22efdaf89af060d89fd4649e6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:13 p.m.10 views

MAL-2022-6748 Malicious code in ui-component-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9610c2f8d11b979d1eb35782d93fafa64ebfa1b8a1220d3ac0243f40beab69a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:13 p.m.7 views

Malicious code in ui-component-icon (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9610c2f8d11b979d1eb35782d93fafa64ebfa1b8a1220d3ac0243f40beab69a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.8 views

The vulnerability of the Google Chrome browser’s UI component, allowing a hacker to execute arbitrary code

The vulnerability of the Google Chrome browser’s UI component is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8AI score0.01237EPSS
Exploits0References12Affected Software7
Tenable Nessus
Tenable Nessus
added 2021/09/01 12:0 a.m.32 views

Cisco Application Policy Infrastructure Controller Stored XSS (cisco-sa-capic-scss-bFT75YrM)

According to its self-reported version, Cisco Application Policy Infrastructure Controller is affected by a stored cross-site scripting XSS vulnerability in its Web UI component due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can...

5.4CVSS6.2AI score0.00599EPSS
Exploits0References3
Rows per page
Query Builder