Lucene search
+L

154 matches found

osv
osv
added 2023/04/27 10:34 p.m.33 views

GHSA-R7MM-JX6H-HV7M Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...

4CVSS4.7AI score0.00356EPSS
Exploits1References5
cnvd
cnvd
added 2023/02/06 12:0 a.m.8 views

Flying Spin eBook Reader Windows Client has xss Vulnerability

Fly Turn eBook Reader is a powerful tool for reading and managing eBooks. An xss vulnerability exists in the Windows client of FlyTurn eBook Reader, which can be exploited by an attacker to obtain user cookie information...

6.6AI score
Exploits0
hackerone
hackerone
added 2022/12/24 12:12 a.m.27 views

Reddit: Reflected XSS via File Upload

Vulnerability description not provided...

7.1AI score
Exploits0
cnvd
cnvd
added 2022/11/23 12:0 a.m.49 views

Unspecified Vulnerability in Intelbras SG 2404 MR

The Intelbras SG 2404 MR is a switch with network management features from Intelbras, Brazil. A security vulnerability exists in Intelbras SG 2404 MR version 20180928-rel64938. An authenticated attacker can exploit the vulnerability to create an administrator account via a specially crafted user...

7.8CVSS7.4AI score0.0028EPSS
Exploits1References1
osv
osv
added 2022/11/15 10:15 p.m.7 views

UBUNTU-CVE-2022-30769

Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user...

4.6CVSS7.3AI score0.00476EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2022/10/31 12:0 a.m.5 views

PT-2022-26020 · Forma Lms · Forma Lms

Name of the Vulnerable Software and Affected Versions: Forma LMS versions 3.1.0 and earlier Description: The issue allows a remote attacker to inject javascript code on the back url parameter in the "appLms/index.php?modname=faq&op=play" function, potentially leading to the theft of user cookies...

6.1CVSS6.4AI score0.00454EPSS
Exploits0References3
veracode
veracode
added 2022/08/22 4:57 p.m.12 views

Unauthorized Password Change

Octoprint does not prevent unauthenticated password changes. The vulnerability is due to the API not requiring the previous user password during the reset. An attacker with access to the user cookie can reset the password without knowledge of the current password...

7.8CVSS7.5AI score0.00334EPSS
Exploits1References4Affected Software1
huntr
huntr
added 2022/08/19 9:53 p.m.9 views

XSS on URL recorder

Description Hi Team , I found XSS vulnerability in url recorder https://conifer.rhizome.org/"USERNAME"/default-collection/ Proof of Concept Image : https://ibb.co/dBr0QQr...

0.4AI score
Exploits0
cnvd
cnvd
added 2022/06/22 12:0 a.m.16 views

XSS Vulnerability in Wanfang Database App and Wanfang Database PC

Wanfang Database is a large-scale network database developed by Wanfang Data Corporation, covering journals, conference proceedings, theses, academic achievements, academic conference papers, and is also a professional academic database in China, which is on a par with China Knowledge Network...

6.1AI score
Exploits0
nvd
nvd
added 2022/04/24 3:15 p.m.19 views

CVE-2022-1445

Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...

9CVSS0.00765EPSS
Exploits1References2
prion
prion
added 2022/04/24 3:15 p.m.14 views

Cross site scripting

Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...

3.5CVSS5.3AI score0.00765EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/04/24 2:30 p.m.18 views

CVE-2022-1445 Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it

Stored Cross Site Scripting vulnerability in the checkedoutto parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie...

9CVSS5.6AI score0.00765EPSS
Exploits1References2
osv
osv
added 2022/04/17 12:0 a.m.15 views

GHSA-P885-PRV3-M4XV Cross-site Scripting in snipe-it

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...

5.4CVSS5.2AI score0.00834EPSS
Exploits1References4
github
github
added 2022/04/17 12:0 a.m.17 views

Cross-site Scripting in snipe-it

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...

9.1CVSS1.2AI score0.00834EPSS
Exploits1References4Affected Software1
prion
prion
added 2022/04/16 12:15 p.m.12 views

Cross site scripting

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...

3.5CVSS5.3AI score0.00834EPSS
Exploits1References2Affected Software1
osv
osv
added 2022/04/16 11:30 a.m.21 views

CVE-2022-1380 Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...

9.1CVSS7.1AI score0.00834EPSS
Exploits1References4
veracode
veracode
added 2022/03/17 9:18 a.m.26 views

Cross-site Scripting (XSS)

pimcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of content security policy allowing an attacker to exposing the user cookie...

5.4CVSS2.4AI score0.01277EPSS
Exploits1References2Affected Software1
huntr
huntr
added 2022/02/07 8:22 a.m.36 views

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross site scripting vulnerability in pimcore,pimcore field, it is fixed in this commit 832c34 , but still it is executing xss .Icon field in events and news Proof of Concept 1 . Login to the demo account https://10.x-dev.pimcore.fun/admin/ 2. Go to settings --data objects -- classes ...

3.5CVSS0.1AI score0.01277EPSS
Exploits1
huntr
huntr
added 2022/01/27 3:42 p.m.19 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Livehelperchat is vulnerable to stored cross site scripting. Proof of Concept 1 . Login to the demo account 2 . Go to settings -- Live help configuration --Visual settings for the visitor -- widget theme --new -- name field 3 . Add payload in name field and click save 4 . Go to settin...

3.5CVSS0.1AI score0.00547EPSS
Exploits1
huntr
huntr
added 2022/01/21 8:59 a.m.16 views

Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Description Reflected cross site scripting vulnerability in pimpore/pimcore , it is in group field in Field collections and objectbricks in settings module. Proof of Concept 1 .Login to demo account 2 . Go to settings module --data objects --object bricks or Field collection -- edit any one and a...

3.5CVSS0.9AI score0.00718EPSS
Exploits1
Rows per page
Query Builder