Lucene search
K

52 matches found

NVD
NVD
added 2023/09/27 3:18 p.m.33 views

CVE-2023-30959

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...

5.4CVSS4.5AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.4 views

PT-2023-23087 · Apollo · Apollo

Name of the Vulnerable Software and Affected Versions: Apollo affected versions not specified Description: The issue allows comments added by users in Apollo change requests to contain a javascript URI link. When rendered, this link can result in a cross-site scripting XSS attack that requires us...

5.4CVSS5.2AI score0.00306EPSS
Exploits0References4
OSV
OSV
added 2023/04/07 7:22 p.m.30 views

GHSA-622W-995C-3C3H Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

Impact A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. Patches The vulnerability...

6.1CVSS6AI score0.00443EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/04/07 7:22 p.m.35 views

Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

Impact A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. Patches The vulnerability...

6.1CVSS5.9AI score0.00443EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/06 7:3 p.m.8 views

CVE-2023-29015 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6AI score0.00443EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 7:3 p.m.58 views

CVE-2023-29015 Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting ...

6.1CVSS6.2AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.7 views

Intranda Goobi Viewer Core 跨站脚本漏洞

Intranda Goobi Viewer Core is a Web-based digital library system from Intranda, Germany. A cross-site scripting vulnerability exists in Intranda Goobi Viewer Core prior to version 23.03, which stems from a cross-site scripting XSS vulnerability in the user comments feature. The vulnerability can ...

6.1CVSS6AI score0.00443EPSS
Exploits0References3
Veracode
Veracode
added 2022/05/17 10:9 a.m.19 views

Arbitrary Code Injection

publifycore is vulnerable to arbitrary code injection. The vulnerability exists in htmlpostprocess in feedback.rb because the application doesn't filter the user comments which allows an attacker to inject html codes in the database...

6.5CVSS6.9AI score0.00855EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.4 views

GitLab Enterprise Edition和GitLab Community Edition 资源管理错误漏洞

GitLab Enterprise Edition is a content management system, and GitLab Community Edition is a community edition of GitLab from GitLab, Inc. A resource management error vulnerability exists in GitLab Enterprise Edition and GitLab Community Edition, which arises from user-supplied input in user...

5.7CVSS5.9AI score0.01464EPSS
Exploits1References6
Huntr
Huntr
added 2022/02/13 4:43 p.m.6 views

Improper Access Control in liangliangyy/djangoblog

Description "formvalid" function in comments/views.py file performs the task of saving user comments. However, this function doesn't check the status of article, so users can leave comments on draft article or public article with commentstatus is off. Proof of Concept - Step 1: Login as admin in...

7AI score
Exploits0
Veracode
Veracode
added 2022/01/19 8:5 a.m.13 views

Incorrect Notifications

wagtail is sending notifications incorrectly. All users who left a comment or reply somewhere on the site are getting the notifications for a new replies in comment threads replied or commented on pages by another user because it fails to restrict notifications for new replies to the participants...

4.3CVSS3.1AI score0.0097EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2021/08/17 5:45 a.m.18 views

Basecamp: Privilege Escalation leads to trash other users comment without having admin rights.

Privilege Escalation leads to trash other users comment without having admin rights...

3.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2021/05/06 6:53 p.m.112 views

Cross-site scripting in phpoffice/phpspreadsheet

This affects the package phpoffice/phpspreadsheet. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as...

7.1CVSS5.7AI score0.01301EPSS
Exploits1References7Affected Software2
OSV
OSV
added 2021/05/06 6:53 p.m.58 views

GHSA-PVGF-MRR4-CW7R Cross-Site Request Forgery in ForkCMS

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

8.8CVSS8.9AI score0.00676EPSS
Exploits0References3
Hacker One
Hacker One
added 2021/01/21 10:39 p.m.20 views

Automattic: Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url

Summary: Hello team. I have found a place where filtration/encoding for special symbols used in blog/site url is not set which leads to Stored XSS on the user page who posted a comment on malicious blog/site. Platforms Affected: Affected page www.intensedebate.com/extras-widgets block "Recent...

6.3AI score
Exploits0
OSV
OSV
added 2021/01/11 4:15 p.m.13 views

CVE-2020-23960

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

8.8CVSS7.5AI score
Exploits0References2
Prion
Prion
added 2021/01/11 4:15 p.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to 1 approve the mass of the user's comments, 2 restoring a deleted user, 3 installing or running modules, 4 resetting the...

6.8CVSS8.8AI score0.00676EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/09/25 12:0 a.m.2 views

XSS Vulnerability in anyoucms Frontend User Messages

anyoucms is a website building system. An XSS vulnerability exists in anyoucms front-end user comments, which can be exploited by attackers to execute script code...

6.5AI score
Exploits0
CNVD
CNVD
added 2018/09/29 12:0 a.m.4 views

Buffer Overflow Vulnerability in Multiple Fuji Electric Products

Fuji Electric FRENIC Loader, etc. are inverters from Fuji Electric Japan. A stack buffer overflow vulnerability exists in multiple Fuji Electric products, which stems from the program failing to properly detect user-submitted comments. A remote attacker could exploit the vulnerability to execute...

9.8CVSS10AI score0.03577EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2018/08/28 3:0 p.m.63 views

Official Cardi B website plagued by spammers

We come bearing tidings of proper website maintenance and general housekeeping for singer Cardi B or rather, for her web development team. At first glance, it appeared as though her website had been hacked a few days ago. But a look under the hood told a different story. We were surprised to see...

7AI score
Exploits0
Rows per page
Query Builder