Lucene search
+L

321 matches found

veracode
veracode
added 2022/09/28 4:50 a.m.19 views

Remote Code Execution

compositec1.core is vulnerable to remote code execution. Improper deserialization of untrusted user inputs in CompositeJsonSerializer.cs allows an authenticated attacker to upload and execute malicious code on the system under attack...

9CVSS8.2AI score0.01233EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2022/09/23 7:15 p.m.27 views

CVE-2022-32229

A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...

4.3CVSS0.00693EPSS
Exploits1References1
prion
prion
added 2022/09/23 7:15 p.m.23 views

Information disclosure

A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...

4CVSS4.7AI score0.00693EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2022/09/23 6:28 p.m.22 views

CVE-2022-32229

A information disclosure vulnerability exists in Rockert.Chat v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection...

5AI score0.00693EPSS
Exploits1References1
veracode
veracode
added 2022/09/21 7:14 a.m.19 views

Cross-site Scripting (XSS)

github.com/drakkan/sftpgo is vulnerable to cross-site scriptingXSS attacks. The library does not properly escape the user inputs into several methods in WebClient component, allowing an attacker to inject and execute malicious javascript...

6.1CVSS6.2AI score0.00521EPSS
Exploits0References3Affected Software1
github
github
added 2022/09/16 5:21 p.m.89 views

XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

Impact The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document default in a public wiki or for authenticated users on private wikis to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...

9.9CVSS8.8AI score0.73608EPSS
Exploits1References5Affected Software2
prion
prion
added 2022/09/08 9:15 p.m.21 views

Design/Logic Flaw

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

6.5CVSS8.1AI score0.73608EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2022/09/08 9:10 p.m.47 views

CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection

XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...

9.9CVSS8.9AI score0.73608EPSS
Exploits1References3
nvd
nvd
added 2022/08/25 8:15 p.m.22 views

CVE-2021-3914

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks...

6.1CVSS0.00442EPSS
Exploits0References2
veracode
veracode
added 2022/08/25 7:3 a.m.26 views

Cross-Site Scripting (XSS)

exceedone/exment and exceedone/laravel-admin are vulnerable to cross-site scripting. The vulnerability exists because the user inputs are not properly escaped in multiple functions which allows an attacker to inject and execute arbitrary java and SQL scripts...

5.4CVSS6.9AI score0.00756EPSS
Exploits0References8Affected Software2
prion
prion
added 2022/07/12 9:15 p.m.13 views

Design/Logic Flaw

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

4.3CVSS6.3AI score0.00794EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2022/06/01 7:20 a.m.13 views

Path Traversal

CureKit is vulnerable to path traversal. The vulnerability exists in isFileOutsideDir function in FileSecurityUtils.java because it doesn't properly sanitize the user inputs which allows an attacker to gain access to the files in the system...

7.5CVSS7.4AI score0.01244EPSS
Exploits0References3Affected Software1
veracode
veracode
added 2022/05/09 5:19 a.m.23 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scriptingXSS attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript...

7.2CVSS3.1AI score0.04396EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2022/04/15 12:0 a.m.41 views

SAP BusinessObjects Business Intelligence Platform Stored XSS (3150845)

The version of SAP BusinessObjects Business Intelligence Platform installed on the remote Windows host is affected by a stored cross-site scripting XSS vulnerability. An unauthenticated attacker can exploit this to access certain reports causing an limited impact on the confidentiality of the...

6.1CVSS6.8AI score0.00802EPSS
Exploits0References2
cvelist
cvelist
added 2022/04/12 4:11 p.m.24 views

CVE-2022-26105

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modif...

6.5AI score0.00855EPSS
Exploits0References2
veracode
veracode
added 2022/04/02 8:56 a.m.27 views

Denial Of Service (DoS)

podman is vulnerable to denial of service. The vulnerability exists due to lack of sanitization of user inputs allowing an attacker to crash the system...

7.5CVSS3.9AI score0.01441EPSS
Exploits0References10Affected Software1
veracode
veracode
added 2022/02/28 10:11 a.m.20 views

Cross-site Scripting (XSS)

weblate is vulnerable to cross-site scripting. An attacker is able to inject malicious script via user name and language parameters because user inputs were not escaped...

5.4CVSS3.8AI score0.00741EPSS
Exploits0References5Affected Software1
veracode
veracode
added 2022/02/07 1:50 p.m.21 views

Cross-site Scripting (XSS)

ptrofimov/beanstalkconsole is vulnerable to cross-site scripting. The vulnerability exists in include.php due to improper sanitizing of user inputs which allows an attacker to insert and execute arbitrary Javascript...

6.1CVSS3AI score0.0087EPSS
Exploits1References5Affected Software1
veracode
veracode
added 2022/01/21 8:4 a.m.21 views

Cross-site Scripting (XSS)

pimcore/pimcore is vulnerable to cross-site scripting XSS attacks. The library does not properly escape user inputs in thumbnailTreeAction and videoThumbnailTreeAction functions in SettingsController.php, allowing a malicious user to inject and execute arbitrary javascript...

5.4CVSS3.8AI score0.01456EPSS
Exploits1References3Affected Software1
veracode
veracode
added 2021/12/28 7:45 a.m.14 views

Cross-site Scripting (XSS)

netgen/tagsbundle is vulnerable to cross-site scripting XSS attacks. Tags Admin interface does not properly escape user inputs, allowing a malicious user to bypass the filters to inject and execute arbitrary javascript...

6.1CVSS4.9AI score0.00677EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder