Lucene search
+L

321 matches found

Vulnrichment
Vulnrichment
added 2024/01/26 9:7 a.m.5 views

CVE-2024-23864 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability...

8.2CVSS7.1AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/26 9:5 a.m.2 views

CVE-2024-23859 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this...

8.2CVSS5.8AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/01/25 2:9 p.m.4 views

CVE-2024-23855 Cross-Site Scripting (XSS) vulnerability in Cups Easy

A vulnerability has been reported in Cups Easy Purchase & Inventory, version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability coul...

8.2CVSS7.1AI score0.00399EPSS
Exploits0References1
Prion
Prion
added 2024/01/09 2:15 a.m.23 views

Cross site scripting

SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation...

4.9CVSS6.1AI score0.00298EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/12/22 12:0 a.m.63 views

CentOS 7 : open-vm-tools (RHSA-2023:7279)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7279 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

7.5CVSS6.5AI score0.00672EPSS
Exploits0References3
NVD
NVD
added 2023/12/21 1:15 a.m.31 views

CVE-2023-28025

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

6.6CVSS0.00313EPSS
Exploits0References1
Prion
Prion
added 2023/12/21 1:15 a.m.18 views

Cross site scripting

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

4.3CVSS6AI score0.00313EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/21 12:32 a.m.31 views

CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

6.6CVSS6.3AI score0.00313EPSS
Exploits0References1
Veracode
Veracode
added 2023/12/19 2:43 a.m.13 views

Cross-Site Scripting (XSS)

SPS Commerce is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to improper serialization of user inputs which allows an attacker to inject and execute malicious scripts...

6.5AI score
Exploits0
Veracode
Veracode
added 2023/12/13 2:12 p.m.15 views

Cross-site Scripting (XSS)

com.jfinal, jfinal is vulnerable to Cross Site Scripting. The vulnerability exists due to improper validation or sanitization of user inputs which allows attackers to inject malicious JS payloads into the system...

5.4CVSS6.7AI score0.00416EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/12/08 5:15 a.m.12 views

Design/Logic Flaw

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, o...

6.4CVSS6.9AI score0.00801EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/11/28 12:17 a.m.17 views

SQL Injection

hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in idutentelog POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...

9.8CVSS7.2AI score0.03272EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/11/28 12:17 a.m.10 views

SQL Injection

hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in annonascita, annoscaddoc, giornonascita, giornoscaddoc, linguacli, mesenascita, and mesescaddoc parameters. This allows an attacker to inject malicious SQL commands, and potentially...

9.8CVSS7.2AI score0.00607EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/11/28 12:17 a.m.16 views

SQL Injection

hoteldruid is vulnerable to SQL injection. The vulnerability is due to there is no sanitization of user inputs in numcaselle POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...

9.8CVSS7.6AI score0.0091EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/11/28 12:17 a.m.22 views

SQL Injection

hoteldruid is vulnerable to SQL Injection. The vulnerability is due to there is no sanitization of user inputs in nutenteagg POST parameter. This allows an attacker to inject malicious SQL commands, and potentially leads to unauthorized data access...

9.8CVSS7.2AI score0.03753EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/11/28 12:17 a.m.15 views

Cross-Site Scripting (XSS)

hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability due to insufficient validation or sanitization of user inputs, in the destinatarioemail1 POST parameter. This allows attackers to inject and execute malicious scripts within the application...

5.4CVSS7.1AI score0.00423EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.38 views

RHEL 8 : open-vm-tools (RHSA-2023:7261)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7261 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.23 views

RHEL 8 : open-vm-tools (RHSA-2023:7262)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7262 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.26 views

RHEL 9 : open-vm-tools (RHSA-2023:7277)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7277 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

7.5CVSS6.7AI score0.00672EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/11/14 11:4 a.m.8 views

CVE-2023-46097

A vulnerability has been identified in SIMATIC PCS neo All versions V4.1. The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database...

6.3CVSS7.9AI score0.00432EPSS
Exploits0References1
Rows per page
Query Builder