Lucene search
K

72 matches found

NVD
NVD
added 2021/09/01 3:15 p.m.27 views

CVE-2021-36062

Adobe Connect version 11.2.2 and earlier is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious...

6.1CVSS0.0135EPSS
Exploits0References1
0day.today
0day.today
added 2021/02/19 12:0 a.m.71 views

OpenText Content Server 20.3 - multiple Stored Cross-Site Scripting Vulnerabilities

Exploit Title: OpenText Content Server 20.3 - 'multiple' Stored Cross-Site Scripting Exploit Author: Kamil Breński Vendor Homepage: https://www.opentext.com/ Software Link: https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management Version: 20.3...

7.1AI score
Exploits0
Prion
Prion
added 2021/01/17 8:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page...

4.3CVSS5.8AI score0.007EPSS
Exploits1References2Affected Software1
Openbugbounty
Openbugbounty
added 2020/09/17 5:26 p.m.11 views

guamegi.or.kr Cross Site Scripting vulnerability OBB-1345096

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.6AI score
Exploits0
OSV
OSV
added 2020/09/14 1:15 p.m.18 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.8CVSS9.4AI score
Exploits0References4
NVD
NVD
added 2020/09/14 1:15 p.m.16 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.8CVSS0.02342EPSS
Exploits1References4
Prion
Prion
added 2020/09/14 1:15 p.m.17 views

Improper access control

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

7.5CVSS9.2AI score0.02342EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/09/14 12:51 p.m.115 views

CVE-2020-24660

CVE-2020-24660 affects LemonLDAP::NG (up to 2.0.8) when used with NGINX, and the Lemonldap::NG handler for Node.js (before 0.5.2). The issue allows an attacker to bypass URL-based access control on protected Virtual Hosts by submitting a non-normalized URI. The vulnerability can impact systems th...

9.8CVSS9.1AI score0.02342EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2020/09/14 12:51 p.m.18 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.3AI score0.02342EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/09/14 12:51 p.m.13 views

CVE-2020-24660

An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass URL-based access control to protected Virtual Hosts by submitting a non-normalized URI. This also affects versions before 0.5.2 of the "Lemonldap::NG handler for Node.js" package...

9.8CVSS9.4AI score0.02342EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2020/07/11 5:52 p.m.52 views

caaffordablehealthins.com Cross Site Scripting vulnerability OBB-1222141

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/11 3:6 p.m.10 views

migu-music.com Cross Site Scripting vulnerability OBB-1192803

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/05/06 12:48 p.m.12 views

temanteman.org Cross Site Request Forgery vulnerability

Open Bug Bounty ID: OBB-1156805 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/03/13 5:50 a.m.11 views

bdsav.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1117242 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.7AI score
Exploits0
wpexploit
wpexploit
added 2020/02/25 12:0 a.m.31 views

Pricing Table by Supsystic < 1.8.2 - Insecure Permissions on AJAX Actions

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. Because there is no permission check on the ImportJSONTable, createFromTpl, and getJSONExportTable endpoints, unauthenticated users can retrieve pricing table information, create new tables, or...

7.5CVSS1.8AI score0.01677EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2019/09/13 11:45 a.m.116 views

Cybercriminals Adding Sophistication to BEC Threats

Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise BEC threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...

0.6AI score
Exploits0References10
Veracode
Veracode
added 2019/07/02 5:7 a.m.8 views

Open Redirection

apostrophe is vulnerable to open redirection. A lack of validation in the URL allows a remote attacker to redirect requests to a malicious site using trailing / appended at the end of the URL...

6.6AI score
Exploits0
Talos Blog
Talos Blog
added 2019/01/15 1:14 p.m.77 views

Emotet re-emerges after the holidays

While Emotet has been around for many years and is one of the most well-known pieces of malware in the wild, that doesn't mean attackers don't try to freshen it up. Cisco Talos recently discovered several new campaigns distributing the infamous banking trojan via email. These new campaigns have...

0.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/09/24 11:25 a.m.10 views

kuribayashi-dc.com XSS vulnerability

Open Bug Bounty ID: OBB-679560 Description| Value ---|--- Affected Website:| kuribayashi-dc.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Fortinet
Fortinet
added 2018/08/23 12:0 a.m.30 views

FortiWeb Recursive URL Decoding is not enabled by default

FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks among which XSS and SQL injection attempts even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb's system settings for FortiWeb version 6.0.0 and below...

3.1AI score
Exploits0Affected Software1
Rows per page
Query Builder