Lucene search
K

795 matches found

Cvelist
Cvelist
added 2024/02/16 12:8 a.m.28 views

CVE-2023-40122

In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.0029EPSS
Exploits0References2
Prion
Prion
added 2024/02/09 3:15 p.m.13 views

Cross site request forgery (csrf)

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...

3.5CVSS7.2AI score0.00245EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/09 2:42 p.m.12 views

CVE-2024-23319 CSRF issue allows disconnecting a user's Jira connection through a simple post message (Jira Plugin)

Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...

3.5CVSS6AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/01 4:42 p.m.45 views

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

8.2CVSS8.4AI score0.00734EPSS
Exploits1References3
Prion
Prion
added 2024/01/23 1:15 a.m.22 views

Information disclosure

This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs...

1.9CVSS5.5AI score0.00326EPSS
Exploits0References8Affected Software5
NVD
NVD
added 2024/01/22 7:15 p.m.18 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS5.9AI score0.00283EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/22 6:23 p.m.21 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.3AI score0.00283EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/01/03 6:30 p.m.23 views

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5h9g-x5rv-25wg. This link is maintained to preserve external references. Original Description TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated...

6.1CVSS6.7AI score0.00956EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2024/01/03 4:15 p.m.45 views

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser...

6.1CVSS6AI score0.01066EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2024/01/03 3:55 p.m.22 views

CVE-2024-21910

Removed by vendor...

6.1CVSS6.2AI score0.00956EPSS
Exploits1
Cvelist
Cvelist
added 2023/12/29 4:53 p.m.40 views

CVE-2023-51663 Hail authentication can be bypassed by changing email address

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...

5.3CVSS5.3AI score0.00367EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/15 12:0 a.m.29 views

Adobe Illustrator Resource Management Error Vulnerability (CNVD-2024-12467)

Adobe Illustrator is a set of vector-based image creation software from the American company Audobee Adobe. A security vulnerability exists in Adobe Illustrator that can be exploited by an attacker to cause arbitrary code to be executed in the current user's context...

7.8CVSS7.5AI score0.00462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/04 10:40 p.m.9 views

CVE-2023-45774

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1AI score0.00124EPSS
Exploits0References2
Prion
Prion
added 2023/12/01 9:15 p.m.15 views

Cross site scripting

dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary...

5.8CVSS7AI score0.00517EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/16 9:15 p.m.17 views

Design/Logic Flaw

In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser...

4.3CVSS7.4AI score0.00475EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/11/16 3:30 p.m.32 views

GHSA-HXJC-9J8V-V9PR Duplicate Advisory: CKEditor Cross-site Scripting vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wh5w-82f3-wrxh. This link is maintained to preserve external references. Original Description A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An...

6.1CVSS6.2AI score0.00878EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2023/11/16 2:8 p.m.50 views

CVE-2023-4771

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information...

6.1CVSS6.1AI score0.00878EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/11/15 3:35 a.m.13 views

CVE-2023-5985

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values...

4.8CVSS6.8AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2023/11/13 1:15 p.m.22 views

CVE-2023-6098

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

6.3CVSS0.0049EPSS
Exploits0References1
Prion
Prion
added 2023/11/13 1:15 p.m.21 views

Cross site scripting

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obddact parameter, allowing the attacker to steal an authenticated user's session, and perform actions within the application...

5.8CVSS6.1AI score0.0049EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder